Study On Detector Optimization In Clonal Selection Algorithm

Intrusion detection technology, information encryption technology, virus defending technology and firewall technology have become bodyguards and protected network security. Intrusion detection system (IDS) can detect the resource of the system and network in real time, find intruder, and prevent the legal user's mistake operation on the resources. Intrusion detection system has expanded the concept of security protection and remedied deficiency of traditional security tactics.Intrusion detection technology can be classified into two main branches: misuse detection and anomaly detection. Misuse detection approaches attempt to model attacks on a system as specific patterns, and then systematically scan the system for occurrences of these patterns. Anomaly detection approaches attempt to establish each user's normal activity profile, and to flag deviations from the established profile as possible intrusion attempts. Nowadays misuse detection approaches have been successfully used into practice, while anomaly detection approaches which are still on the research and development phases are one of the focuses of intrusion detection.The intrusion detecting technology based on immune principle is an anomaly detection technology, and clonal selection algorithm is the core arithmetic of immune detecting technology. It is the optimization of detectors.Through analyzing static clonal selection algorithm, this thesis proposes a multilayer dynamic clonal selection algorithm. By adding new self or nonself to meet system need dynamically, and standing a clonal selection additionally in the system after adding new self or nonself, some detectors arriving to threshold can be activated, others are to die or wait to be activated. At the same time, the updating detector section of clonal selection algorithm is optimized. Comparing child detector with parent detectors together to decide whether the child detector can replace one parent detector and which parent detector can be replaced. This improvement can reduce the overlapping of detectors, so it can improve the detecting performances of system.Finally, an intrusion detection model is built based on the improved clonal selection algorithm. The kddcup99 acquiring from Lincoln laboratory of MIT is used as experiment data. By analyzing the results of experiment, we can conclude that detecting rate of the system increases and false positive rate drops as the increasing of detectors generation.