
A Study Of Intrusion Detection Model And Algorithm Based On Immune Mechanism

Posted on: 2008-11-13
Degree: Master
Type: Thesis
Country: China
Candidate: K Pei
Full Text: PDF
GTID: 2178360242470589
Subject: Computer software and theory

Abstract/Summary:
Network security is receiving increasing attention, and researchers have discussed at length how to detect abnormal system behavior in networks. The biological immune system has abilities similar to those of an intrusion detection system: it detects abnormalities and protects the organism so that it keeps functioning normally. Applying biological immune theory to intrusion detection, and to the design of higher-performance intrusion detection systems, is therefore of theoretical value and practical significance. This has made immune-based intrusion detection a key research area within intrusion detection, exploring natural immunological theories, mechanisms and principles for detecting and reacting to intrusions.

Firstly, network security and the development of intrusion detection at home and abroad are introduced. After a review of the biological immune system and the immunological material necessary for this dissertation, the positive and negative selection approaches are compared through both theoretical analysis and experiments. The conclusion is that the negative selection approach can achieve better results at low cost. Because a great number of packets pass through networks, the negative selection approach is more feasible for intrusion detection.

A comprehensive formalization and a new analysis of the negative selection model are developed. To address the low detection rate of negative selection compared with positive selection, the Mahalanobis distance is introduced and used to improve negative selection so as to increase the detection rate. A theoretical analysis is given, and experiments then confirm it.

An immune-based intrusion detection system prototype is designed and implemented, and the implementation approach for data collection, feature extraction, model construction, intrusion detection, reporting and response, and system optimization is described. Our intrusion detection system is tested with data sets generated in a realistic context, and the experimental results reveal its effectiveness in detecting network attacks, as expected.
Keywords/Search Tags: network security, intrusion detection, biological immune, Mahalanobis distance