Research On An Intrusion Detection System Based On Immune Principle

With the rapid development of Internet, network security becomes more and more important. Compared with the firewall technology with static and filtrating tactics, the intrusion detection is one kind of network security technology which is dynamic and with the core of data analyzing and handing. The intrusion detection technology is collecting and analyzing enormous key information among computer network systems in order to examine whether there exists the violating security-tactics behavior among network systems.Computers protect themselves to avoid being attacked, as is very similar with the biological immune system. This kind of immune system provides important basis for studying computers security. In fact, artificial immune system is one system which handles huge data .It has distribution, adaptability, robust and so on characteristics. However, our present computer security system doesn't have these characteristics. Thus, it is a key research to study intrusion detection system based on immune principle.This article advances a kind of intrusion detection system based on immune principle. In this system, two parts of assignments are finished. One part is advancing antibody structure in immune algorithm, the other one is using protocol analysis technology and raising a kind of artificial immune intrusion detection system that is based on classification.It is because of enormous data and variety attacking types, we must think about how to make antibody structure reflect network data's characteristics. In past research, antibody structure only included protocol, Ip address and port, thus, some attacks pointing to applied layers couldn't be found. At the mean time, experimental data in past research were artificial data, which was added few normal data in plenty of attacking data, then they verified their models, thus, the results had no persuasion. In antibody structure, besides variety protocol, Ip address, port, the author still adds some data with applied layer. Finally, she uses real network data in the experiment.Artificial immune intrusion detection system is as the same as natural immune system, its main task is to differentiate self from nonself. Self means normal network system behavior, while nonself means abnormal behavior. Intrusion detection system based on network is differentiate self from nonself among huge network data. Protocol analysis technology can decode data and can examine theirs principles, thus it can discover attacks correctly. It is the reason that protocol analysis technology and immune principle are applied in intrusion detection system in this article. The intrusion detection system is mainly composed of memory cell model, mature cell model and immature cell model. Using protocol analysis handles data. It can improve the defects of past systems.Biological immune system is still developing and the research of computer immune system is in the initial stages, therefore, the model this article advances needs to be improved. How to introduce more immune principles and how to improve detectable rate of system are the future researching.