Dynamic Clonal Selection Algorithm Based On Artificial Immune Mechanism

With the rapid development of network technology, network security isbecoming more and more worrying and Network intrusion detection is veryimportant to it. Now, the artifical immune technology is a rising project ofsolving computer network security problem. Many scholars are in theascendant of the artifical immune technology overseas. The article is engagedin a branch of network security field (intrusion detection) from thedevelopment of network security nowadays. We do some research on a newtype dynamic clonal selection based on artifical immume technology, andconstruct the intrusion detection model based on the artificial immunemechanism. The article is started with human immunology, introduce thetheory about human immune mechanism and characteristic. The artificalimmune system origined from the human immunology. Via analyse the basaltheory and arithmetic, especially clonal selection in artifical immunology, wepoint out the ideology of clonal selection is that the cell that can identify theantigen will reproduce. Through the construction from the analogy of themapping relations between human immune systems and computer immunesystem, we can construct the intrusion detection system based on the immunemechanism. The clonal selection arithmetic in artifical immune system has itsflaws: the environment that be detected faced the problem are differenteveryday. The clonal selection must be in a relative still environment. So weput forward the dynamic clonal selection arithmetic. It can be used invariable environment. It simulate the function of immune system. The articledescribe the basal theory about dynamic clonal selection. The idea that applyin intrusion detection is, in intrusion detection system, we regard the normalbehavior and communications that are inspect in network environment as self,the abnormal behavior and communications that are inspect in networkenvironment as nonself, and all the self and nonself mapping the binary stringconcourse with the length of L. The self concourse are that normal binarystring. The detector concourse which are the binary string with the length ofL are produced by negative selection. In the intrusion detection system, thedetectors simulate the function of lymphocyte in immune system.Lymphocyte's activation in human immune system depend on affinitythreshold mechanism. So we introduce the detector's affinity thresholdmechanism into our model. Every detector is random produced and maintainimmaturity within the time of T. The time is called tolerance period. In thetolerance period, the detector which is identified will die, else it will turn tothe mature detector. The mature detector will detect nonself and its activethreshold exceed a given threshold, then it will turn to memorial detector.During the period we use r sequence matching rules to calculate the twostrings's affinity. Every detector will cumulate affinity with a arithmometer.To activate a detector, it must match A strings at least, the A is called activethreshold. The best matching detector will turn to the memorial detector. Thememorial detector will replicate itself and spread the neighboring node in thenetwork. Lymphocyte's cooperating stimulation in human immune systemwill destroy the lymphocyte which react with itslf. When the lymphocytecombine the antigen outside its affinity threshold reach the value, it willproduce signal I, signal II is produced by T lymphocyte. Within the period, ifthe lymphocyte receive signal I only, the lymphocyte will die. Signal II isfarther affirm that if the lymphocyte detect the antigen outside or not. In thenetwork intrusion detection model, we build a security administrator toprovide the cooperating stimulation signal. When the detector's matchingthreshold reach the value, the detector send a signal to the securityadministrator. If the security administrator confirm the detector detect a truenonself, it will send back a confirm signal in Ts. The time Ts is calleddelayed time. The time's aim is to give the security administrator enoughresponse time. We build up a intrusion detection model based on dynamicclonal selection arithmetic. In the model we define coding mode, someparameters which affect the model. The model contain three modules:immature module, mature module and memorial module. We use vc6.0 tofulfill the function of the model and analyse the parameters which are effectthe model. Through the function testing and analysis, we confirm that theintrusion detection model based on immune mechanism make good use ofdynamic clonal selection in artifical immune. The ability and accuracy of themodel detecting antigen are improved. The system adaptability anddistribution are also improved. At last, we summarize the article. Wedescribe the article's character and defect, then we put forward the next workplan.