Research Of Intruding Detection Based On DCA And NSA Algorithm

Most of the traditional artificial immune system are based on self-nonself model for intruding detection, however self-nonself model has its innate shortcomings, for example the self aggregation will be much too large. Recently,danger theory is proposed which can welly overcome shortcomings of the SNS theory. Danger theory consider that immune system is not response to nonself antigen but to the antigens which do injure to the organism, so it needn't a lot of taining in advance, which can reduce the scale of response. Meanwhile, it will not response to the nonself but not harmful antigen, which can reduce the false alarm rate. At the same time it responses to the prior self but harmful antigen, which can reduce the missing report rate. In danger theory, it emphasizes professional antigen presentation cells─dendritic cells, which gather signals and present antigen to for recognition, inspired by this working mechanism, DCA algorithm is brought forward.However,danger theory doesn't deny SNS theory's rightness, but supplement the traditional theory. Danger theory emphasizes the importance of antigen presentation cells, especially for the dendritic cells. Although SNS theory has its restrictions, it can recognize most of intruding data, because mostly intruding data has the characteristic of nonself to some degree, and has difference to normal data, so the NSA algorithm inspired by SNS theory can effectively recognize intruding data.This paper combines SNS and danger theory together, and designs a new DCA-NSA model. The new model can dynamicly update normal aggregation by using the confirmed result. For the confirmed safe antigen, if the NSA module considers it as non-self, which shows that NSA falsely considers the self data as nonself, resulting false alarm, so the new model add the confirmed normal data to the slef aggregation. For the confirmed intruding data, if NSA module considers it as self, which shows that self aggregation contains nonself, it needs deleting the nonself , so it ensures the completeness of slef aggregation.The new nodel adopts DCA and NSA double detecting method, which combines the advantages of the two, so it can more effectively detect intruding data, and ensures high detecting rate and low false alarm rate.