Research On Dynamic Detection Model Based On Immunological Theory

The main goal of intrusion detection system is to detect unauthorized use, misuse and abuse of computer systems by both system insiders and external intruders. The unique function of intrusion detection system makes it play an irreplaceable role in network security system. Intrusion detection system has a lot of similarities with the biological immune system, and it makes the immune system offer a natural research template for intrusion detection. Especially the immune system demonstrates good characteristics in information processing, such as distribution, variety, adaptability, memory ability, fault-tolerant ability, dynamic stability etc., and these characteristics are just what we expected to get in the intrusion detection system. When traditional method can not solve network security problem completely, drawing lessons from the biological immunological theory have already caused the great attention of computer security researchers, they believe immune principle help to overcome problem present intrusion detection system faced.Because the algorithm of detector generating is a key algorithm in the intrusion detection system based on immunological theory, starting with negative selection algorithm, the paper deeply analyses the reasons of failure to report and overlapping of detectors. The paper presents an algorithm of detector generating with adjustable threshold of matching. By analysis of experiment, the new algorithm can be proved to reduce the number of holes and raise the rate of detection.By analyzing the characteristic of immunocyte's circulation and movement in the organism, on basis of traditional models and lifecycle of detectors, the paper presents an innovative dynamic intrusion detection immune system model. The mathematic description model of the dynamic self, dynamic immune tolerance and immune memory is established, and a memory detector dynamic demotion mechanism based on the least recently used algorithm is provided. The experiment results show that the proposed intrusion detection model has a better adaptability and validity than the traditional method.