| With the development of the computer and network technology, we must face the more serious computer security problem when we use network for their advantage. Though the traditional technology and production of computer security can protect the information system in a way, they can not detect the attack event on their own initiative because of their limitation and passivity. Therefore, the intrusion detection technology which is a new kind of active security technology for network is becoming one of the focuses of the research in the information security field.For the defense mechanisms of the human immune system is similar with the process of recognizing abnormal data from much normal data in intrusion detection system, the research about intrusion detection system which is based on the mechanism of human immunity gradually becomes the foreland subject in the field of intrusion detection. The most important character of the intrusion detection system is that it could overcome some drawbacks of the traditional intrusion detection system through the model and algorithm based on the biology immunity mechanism.This paper has a detailed introduction of the intrusion detection technology firstly, and then it indicates the characters and drawbacks of the current intrusion detection system. Furthermore, analyzing systematically the former study, it puts forward a new kind of dynamic intrusion detection model based on the artificial immunity mechanism. And this model can settle down some problems in the current intrusion detection system.This model picks up the character of the network via the feature extraction module, and then it forms the description of the initial "self set. It can dynamically update the "self" set through the continuously updating mechanism of the "self set. In this way, it could overcome some drawbacks of the static "self set in the traditional intrusion detection based on human immunity. So, it is possible to adapt to the change of network environment.This model optimizes the mature detector by the second stimulation of the abnormal character, and then it designs the used algorithm. In this case, it can reduce the number of detectors under ensuring the "non-self set covered in effect, so it settles down the problem of the limited speed of the detectors due to a large number of detectors in the traditional model.This paper analyzes comparatively the characters of the network data in detail. It describes the "self set and the attack characters through the simple network characters. In this way, it needs not to blindly extract the whole protocol data unit and the field in protocol which is little of relation with the attack by the traditional detection method. Finally it makes the speed of intrusion detection system faster.At last, this paper proves the availability of the model in this experiment... |
PDF Full Text Request