Research And Design Of Network Intrusion Detection Model Based On Artificial Immune

Posted on: 2008-12-29
Degree: Master
Type: Thesis
Country: China
Candidate: G H Sun
GTID: 2178360215990908
Subject: Computer system architecture

Abstract/Summary:
In recent years, network intrusion detection based on artificial immune systems has become a key research area within network intrusion detection. Its distinguishing feature is that it draws on the theories, mechanisms and principles of the natural immune system to detect intrusions. At present, the majority of commercial network intrusion detection products adopt only a simple template-matching technique, which suits only some simple attack modes, has a high misrepresentation rate, and cannot adapt to dynamically changing environments. The natural immune system, by contrast, has many desirable features, such as variety, self-adaptability, tolerance and auto-reply, and these fit the needs of a network intrusion detection system well. Applying artificial immune theory to network intrusion detection can therefore improve the security of computer networks and detect unknown attack modes, which other systems cannot achieve. This paper constructs a novel network intrusion detection model derived from the principles of artificial immune systems and the improved dynamic clonal selection algorithm.

Firstly, the paper introduces the background, definition and functions of intrusion detection, and analyzes and compares some commonly used intrusion detection methods. It then analyzes the basic principles, strengths and drawbacks of the dynamic clonal selection algorithm.

Secondly, through the cooperation of the antibody lifecycle and the three types of antibody (immature, mature and memory), the network intrusion detection system is able to adapt to dynamically changing environments and to detect some unknown attack modes.

Thirdly, much existing research adopts the RCMF matching rule, which leads to many detection holes and much lower efficiency. To address these drawbacks, this paper adopts constraint-based detectors, the any-r intervals matching rule, and the split-detector method, which reduce the number of detection holes and achieve better detection rates and a faster running speed.

Fourthly, most IP packets are normal. If every one of them has to be checked by a large number of antibody detectors, the handling of normal IP packets slows down. For this reason, the self-pattern class is proposed. A few self-pattern classes can speed up the handling of normal IP packets. In addition, the self-pattern class filters out most self-antigens and dynamically amends the self-antigen set during detection. Other intrusion detection models spend a great deal of time on negative selection because their self-antigen set is much larger; compared with them, this system accelerates self-tolerance and adapts to dynamically changing environments.

Finally, using the KDD CUP99 data sets, the paper simulates a dynamically changing network environment. The experiments compare the improved model proposed in this paper with the original dynamic clonal selection algorithm. The results show that the proposed model achieves a faster running speed and better detection rates, and adapts to dynamically changing environments.
Keywords/Search Tags:Intrusion Detection, Artificial Immune, Dynamic Clonal Selection Algorithm, Constraint-based Detectors, Self-pattern Class
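The following is an added illustration, not code from the thesis: a minimal sketch of how interval (constraint-based) detectors, the immature/mature/memory lifecycle and a self-pattern pre-filter fit together. The packet fields, the value of r, the activation threshold and the exact form of the matching rule and self-pattern class are all assumptions made for the sketch.

```python
from dataclasses import dataclass

R = 2            # assumed: a detector fires when any R fields fall in its intervals
ACTIVATION = 2   # assumed: matches that promote a mature detector to memory

@dataclass
class Detector:
    intervals: tuple            # one (low, high) constraint per packet field
    state: str = "immature"
    hits: int = 0

    def matches(self, packet):
        inside = sum(lo <= v <= hi for v, (lo, hi) in zip(packet, self.intervals))
        return inside >= R      # any-r intervals rule, as assumed here

def in_self_pattern(packet, patterns):
    """Self-pattern class modelled as intervals that every field must satisfy."""
    return any(all(lo <= v <= hi for v, (lo, hi) in zip(packet, p)) for p in patterns)

def tolerize(candidates, self_packets, patterns):
    """Negative selection against the self set left after self-pattern filtering."""
    residual = [p for p in self_packets if not in_self_pattern(p, patterns)]
    mature = [d for d in candidates if not any(d.matches(p) for p in residual)]
    for d in mature:
        d.state = "mature"
    return mature

def detect(packet, detectors, patterns):
    """Return 'self' (fast path), 'alert', or 'pass'."""
    if in_self_pattern(packet, patterns):
        return "self"
    alert = False
    for d in detectors:
        if not d.matches(packet):
            continue
        d.hits += 1
        if d.state == "mature" and d.hits >= ACTIVATION:
            d.state = "memory"  # co-stimulation is assumed to confirm the alert
        alert = alert or d.state == "memory"
    return "alert" if alert else "pass"

# Constructed sample data; fields are (dst_port, duration_s, kbytes).
PATTERNS = [((80, 80), (0, 5), (0, 100))]
SELF = [(80, 1, 20), (80, 3, 60), (53, 0, 1), (25, 2, 10)]
CANDIDATES = [
    Detector(((0, 1023), (0, 10), (500, 9999))),       # matches DNS/SMTP self: deleted
    Detector(((1024, 65535), (60, 9999), (0, 9999))),  # survives
    Detector(((80, 80), (0, 5), (1000, 9999))),        # survives only via the filter
]
```

Because web traffic is handled by the self-pattern class, negative selection runs over two residual self packets instead of four, and the third detector is kept even though it would have matched unfiltered web traffic.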