Research And Design On Intrusion Detection System Based On Artificial Immune Theory

Breaking into computer systems through the network has become the main threaten to the network security. Compared to traditional intrusion methods, network intrusion eliminates the limits of time and location, and has lots of intrusion ways that are difficult to detect. How to detect the intrusions has become a key issue of the network security field. In recent years, immune-based intrusion detection has become a key research area in intrusion detection system, exploring natural immunological theories, mechanisms and principles for detecting and reacting to intrusions.Based on the analyzing of current implement ways of IDS (Intrusion Detection System), the design consideration and the architecture of a distributed intrusion detection system, AIIDS (Artificial Immune Intrusion Detection System), is presented. In order to overcome the defects of general IDSs, such as lack of extensibility and transplantability, AIIDS employs artificial immune theory and adopts agent-based architecture.To use the artificial immune theory is an important issue during the implement of AIIDS. By analyzing of the essential conception of artificial immunology, many artificial immune principles are adopted during the design and development of AIIDS. Especially, the artificial immune theory is not only employed as an algorithm just like in the existing artificial-immune-based systems, but also combined with the system architecture. To make the AIIDS run as a real immune system effectively, three types of running mode of the IDS are proposed.Furthermore, to improve the expansibility and transplantability of the system, AIIDS is implemented as a JADE based multi-agent system and employs Java to develop. Except the embed analyses of JADE, Petri net and MVC (Model-View-Control) design mode are adopted to solve the problems in JADE such as the lack supports to the concurrent messages and the graphical interface.Finally, Based on the artificial immune theory and the characteristic of multi-agent system, the architecture of AIIDS is investigated deeply. The function and demand of the different part of architecture is analyzed. Through the experiments, the proper parameters are selected and the key point during the design and implement is pointed out. By using the intrusion detection data set from Lincoln laboratory to test, the result disclaim that AIIDS can detect the network attacks effectively, easy to manipulate and expand without difficulty. The expected goals are achieved.