The Research Of An Intrusion Detection System Based On Tolerance Invasion Technology

The network could provide many convenience conditions for the people on the one hand, but on the other hand, as a result of the openness of Internet, the network also has brought many security questions. At present, the network security technology mainly includes the firewall technology and the intrusion detection technology. The firewall technology is one kind of static safety technologies, and can't defend the invasion of internal network. Many intrusion detection systems can't be able to discriminate each kind of invasion, so it's unable to take the corresponding processing measure. And intrusion detection system can't guard against all invasions which are day by day renews. So, it's necessary to research more effective intrusion detection systems.At first, the paper proposed an intrusion detection algorithm fused on immune algorithm and RBF network, is called IRIDS algorithm. It can not only differentiate"Self"and the"NonSelf"network data, but also can distinguish four kinds of invasions:DoS,R2L,U2R,probing. But,every IDS can not found all of invasions, so it exits the false alarm flaw and missing alarm flaw. The IRIDS also exits the problems. the paper has introduced an IDS based on the tolerance invasion technology for letting all normal data to the system, and when encounters the unknown attack, the system can restore to the original condition or the degradation provides the primary service, or letting the system stop in the safe way. The IDS not only apply the IRIDS algorithm, but also adopt tolerance invasion technology. After testing this system, the test result indicated the system has ability of tolerance invasion.Works of the paper mainly manifest two aspects as follows: First, According to the intrusion detection system principle, an intrusion detection algorithm, which is called"IRIDS", based on immune algorithm and RBF network is designed. Through the test, IRIDS algorithm can have the high examination rate and the low rate of false alarm and the rate of missing report in the quite short time, and it can discriminate the four kinds of known invasion. Second, analyzing the insufficiency of IDS, the paper proposed an IDS model based on IRIDS algorithm and tolerance invasion technology. Through the test, the test result indicated that the IDS isn't only discriminate the four kinds of known invasion, but also when system is invaded by unknown attack, tolerance invasion module of the IDS can restore the system to a certain extent, or causes the system degradation to provide the service.