
Self Definition, Design And Implementation Of Negative Selection Algorithm For Network Intrusion Detection System Based On Immune Mechanism

Posted on: 2008-04-07
Degree: Master
Type: Thesis
Country: China
Candidate: Y F Xu
Full Text: PDF
GTID: 2178360212497459
Subject: Computer application technology

Abstract/Summary:
With the rapid development of the Internet, information security has become a major strategic problem for national security. Computer hackers currently pose a growing danger to information security, so intrusion detection has become an important subject in this field. Intrusion detection based on artificial immune theory is a new research area. Network security can be regarded as the immunity of a computer, because the mechanism of network intrusion is in essence similar to that of biological viruses. The biological immune system offers a nearly perfect model of immune function for computer immunity; we hope that, based on biological immune principles, a robust and powerful computer immune system can be built.

Against this background, and taking biological immune principles as the basis, this paper studies the subject of Network Intrusion Detection based on Biological Immunity in depth. First, the Network Intrusion Detection System (NIDS) and the Artificial Immune System (AIS) are introduced briefly. Then the normal network data stream (self) in a NIDS based on biological immunity is defined, and the negative selection algorithm, one of the main algorithms in AIS, is discussed, pointing out the key problem and the disadvantages of the traditional algorithm. In order to reduce the number of holes that are inevitable in the negative selection algorithm, an improved negative selection algorithm is put forward, which also improves the efficiency of generating mature detectors from immature detectors in an Intrusion Detection System based on an Artificial Immune System. Starting from the construction of a computer immune system, we first studied the mechanisms of computer immunity from the viewpoint of control.

In a NIDS based on an Artificial Immune System, self/nonself discrimination is the chief task of the IDS: to protect self (normal behaviour) and eliminate nonself (intrusive behaviour). The negative selection algorithm is the basic algorithm; its general process is to define the self set, generate mature detectors, and detect intrusions. After self tolerance, mature detectors cannot match self patterns. This approach can detect unknown intrusive behaviour, and the detectors are distributed and self-organized. A single detector detects only some intrusion patterns; all intrusion patterns are detected by a complete detector set. Because of the distributed structure and the specialised function of each detector, the system is robust, flexible and extensible. Since the model of a NIDS based on an Artificial Immune System is theoretical, it is necessary to design a distributed Intrusion Detection System based on an Artificial Immune System.

The main body of the paper has two parts. The first part is the definition of the normal network data stream (self) for a NIDS based on biological immunity. Current IDSs based on self/nonself theory have a disadvantage: the description of self/nonself is static and rarely changes. In fact, on the one hand self/nonself cannot be defined accurately, and on the other hand they constantly interchange. Therefore the self/nonself sets must be modifiable at any moment; for example, today's normal network behaviour may be abnormal tomorrow, and vice versa. A static self/nonself description model cannot satisfy the needs of network monitoring in a real network environment and lacks flexibility. The dynamic model fits the real network: it collects only a small part of self behaviour at any one time, but self can cover the self space given enough time.

The second part is the design of the negative selection algorithm. Based on the exhaustive algorithm, a new algorithm is presented as the detector-generating method in the negative selection model, used to overcome redundancy. To increase the antibody generation speed in the Artificial Immune System, an improved negative selection algorithm for an Intrusion Detection System based on the Artificial Immune System is presented. A new approach to defining the fitness function is proposed: the fitness function is a function of the detector's affinity function. The basic idea of the niching genetic algorithm is rooted in the fact that life forms always live together with their own kind during evolution. In a genetic algorithm, individuals evolve in a specific environment; in the last period of evolution, the niching genetic algorithm prevents individuals with high fitness values from producing large numbers of offspring. The negative selection algorithm with a niching strategy can generate diverse and general detector sets. These algorithms synthesize the basic principles of biological immunity, remedy the flaws of previous algorithms from different angles, decrease the size of the initial antibody population, increase detection efficiency and simultaneously reduce the excessive occupation of system resources. At the same time, we set forth and analyze some detailed problems, for example the definition of the size of the initial antibody population and its influencing factors, the representation of the "self" and "nonself" spaces, and the complexity analysis of the algorithms, including their design, performance analysis and experiments. Both mathematical analysis and experiment show that the algorithm runs in time linear in the size of the detector set. The new algorithm can possibly generate a more powerful detector set than the exhaustive algorithm.

Based on artificial immune theory, this paper also designs the negative selection algorithms for parallel computer systems by dividing the task into multiple sub-tasks, solving the sub-tasks in parallel and combining the sub-solutions into the final result. The analysis shows that the parallel algorithms obtain linear speedup. The experimental results show that the algorithm not only retains the diversity of the population but also increases the efficiency of detector generation; computation time can be reduced, and the number of holes declines quickly.

The content of this paper involves the fusion of biological immune theory and computer science, and is therefore a novel subject. From the viewpoint of development, the remarkable advantage of Network Intrusion Detection based on Biological Immunity is that it is able to find unknown intrusions, so immune detection is bound to be a progressive trend in the future of intrusion detection systems.
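The basic negative selection process described in the abstract (define self, censor immature detectors against self, detect nonself) and the holes it leaves, as an added example that is not part of the thesis; the r-contiguous-bits matching rule, the 6-bit strings and the self set are assumptions standing in for the encoded network data the thesis uses.

```python
# Negative selection with an r-contiguous-bits matching rule (added example, not the thesis's code).
# Patterns are fixed-length bit strings; a detector matches a pattern when they agree in at
# least R contiguous positions. The thesis does not name its matching rule, so this is an assumption.
import itertools
import random

L, R = 6, 3                  # toy string length and match threshold (constructed)
SELF = ["001100", "111111"]  # constructed self set standing in for encoded normal traffic

def matches(detector, pattern, r=R):
    """r-contiguous rule: True if some window of r positions agrees."""
    run = 0
    for a, b in zip(detector, pattern):
        run = run + 1 if a == b else 0
        if run >= r:
            return True
    return False

def censor(candidates, self_set, r=R):
    """Self tolerance: an immature detector survives only if it matches no self pattern."""
    return [d for d in candidates if not any(matches(d, s, r) for s in self_set)]

def all_strings(l=L):
    return ("".join(bits) for bits in itertools.product("01", repeat=l))

def exhaustive_detectors(self_set, l=L, r=R):
    """Complete mature detector set: every string in the space that survives censoring."""
    return censor(all_strings(l), self_set, r)

def random_detectors(self_set, n_immature, l=L, r=R, seed=0):
    """Generate-and-test: random immature detectors, then self tolerance."""
    rng = random.Random(seed)
    immature = {"".join(rng.choice("01") for _ in range(l)) for _ in range(n_immature)}
    return censor(sorted(immature), self_set, r)

def detect(detectors, pattern, r=R):
    """Nonself is flagged when any mature detector matches the pattern."""
    return any(matches(d, pattern, r) for d in detectors)

def holes(self_set, l=L, r=R):
    """Nonself patterns that even the complete detector set cannot match: the
    'holes' the thesis aims to reduce. Under this rule one way they arise is two
    self patterns sharing r-1 contiguous bits, whose halves recombine into nonself."""
    complete = exhaustive_detectors(self_set, l, r)
    return [p for p in all_strings(l) if p not in self_set and not detect(complete, p, r)]

if __name__ == "__main__":
    print("holes:", holes(SELF))  # ['001111', '111100']
```

The two holes are exactly the recombinations of the self strings around their shared middle bits, so no detector that passes tolerance can ever flag them, whatever generation strategy is used.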
Keywords/Search Tags: Implementation