| With the rapid development of network technology, network security is becoming more and more worrying and Network intrusion detection is very important to it. Now, the artifical immune technology is a rising project of solving computer network security problem. Many scholars are in the ascendant of the artifical immune technology overseas. The article is engaged in a branch of network security field (intrusion detection) from the development of network security nowadays. We do some research on a new type dynamic clonal selection based on artifical immume technology, and construct the intrusion detection model based on the artificial immune mechanism. The article is started with biology immunology, load the history of immunology, the biology immune syste's buildup, immune identify, immune responsion, immune endurance, immune memory and other functions.Then we introduce the theory about immune mechanism and characteristic.The characteristics are study and recongnize and distributed and diversity.The artifical immune system origined from the biology immunology. We also introduce the history of artificial immune system.Via analyse the basal theory and arithmetic,negative selective arithmetic,clonal selection. Especially clonal selection in artifical immunology, we point out the ideology of clonal selection is that the cell that can identify the antigen will clone and reproduce. The characteristic of clonal selection are the high frequency and body edit and affinity maturation.Through the construction from the analogy of the mapping relations between human immune systems and computer immune system, we can construct the intrusion detection system based on the immune mechanism. The clonal selection arithmetic in artifical immune system has its flaws: the environment that be detected faced the problem are different everyday. The clonal selection must be in a relative still environment. So we put forward the dynamic clonal selection arithmetic. It can be used in variable environment. It simulate the function of immune system memory,study and clone. The article describe the basal theory about dynamic clonal selection. The idea that apply in intrusion detection is, in intrusion detection system, we regard the normal behavior and communications that are inspect in network environment as self, the abnormal behavior and communications that are inspect in network environment as nonself, and all the self and nonself mapping the binary string concourse with the length of L. The self concourse are that normal binary string. The detector concourse which are the binary string with the length of L are produced by negative selection. In the intrusion detection system, the detectors simulate the function of lymphocyte in immune system. Lymphocyte's activation in human immune system depend on affinity threshold mechanism. So we introduce the detector's affinity threshold mechanism into our model. Every detector is random produced and maintain immaturity within the time of T. The time is called tolerance period. In the tolerance period, the detector which is identified will die, else it will turn to the mature detector. The mature detector will detect nonself and its active threshold exceed a given threshold, then it will turn to memorial detector. And the detectors will distribute the whole network.During the period we use r sequence matching rules to calculate the two strings's affinity. Every detector will cumulate affinity with a arithmometer. To activate a detector, it must match A strings at least, the A is called active threshold. The best matching detector will turn to the memorial detector. The memorial detector will replicate itself and spread the neighboring node in the network. Lymphocyte's cooperating stimulation in biology immune system will destroy the lymphocyte which react with itslf. When the lymphocyte combine the antigen outside its affinity threshold reach the value, it will produce signal I, signal II is produced by T lymphocyte. Within the period, if the lymphocyte receive signal I only, the lymphocyte will die. Signal II is farther affirm that if the lymphocyte detect the antigen outside or not. In the network intrusion detection model, we build a security administrator to provide the cooperating stimulation signal. When the detector's matching threshold reach the value, the detector send a signal to the security administrator. If the security administrator confirm the detector detect a true nonself, it will send back a confirm signal in Ts. The time Ts is called delayed time. The time's aim is to give the security administrator enough response time. We build up a intrusion detection model based on dynamic clonal selection arithmetic. In the model we define coding mode, some parameters which affect the model,they are threshold,affinity,TP,FP. The model contain three modules: immature module, mature module and memorial module. We improve the model,add control variation and improved affinity arithmetic.We use vc6.0 to fulfill the function of the model and analyse the parameters which are effect the model. Through the contrast function testing and analysis, we confirm that the intrusion detection model based on immune mechanism make good use of dynamic clonal selection in artifical immune. The ability and accuracy of the model detecting antigen are improved. The system adaptability and distribution are also improved. Through the improved system we conclude that the control variation ,the offspring of the antibody will remaind and the second response's efficiency will improved rapidly.The impoved system,TP will ascend and FP will descend.At last, we summarize the article. Because the article's character and defect, we put forward the next work plan.We connect the module of intrusion detection system with other security products,in order to improve the whole network's security. |
PDF Full Text Request