Research Of Dynamic Intrusion Detection System Based On Biologic Immunity

In recent years, the intrusion detection based on biological immunity has become a key research area in network intrusion detection system.It's prominent characteristic is to apply natural immune mechanism for intrusion detecting.At present,the immune system have the characteristic of biological diversity,adaptability,robustness and so on,which can meet the actual needs of the network intrusion detection technology.However, there are some limitations exist in traditional immunity of intrusion detection modehselfset can't be changed once it was defined,but the network running state is dynamic, thus if self-set can't be timely amended as the network running,it will lead to increase error rate;the detector will be long-standing once generate, finally the saturation point will reach, then the new detector will not be able to produce and thus new intrusion can not be detected.But in real organisms,antibody is a certain cycle,and their survival status will change over time,so the traditional static detector can't be simulated as antibody,the "immune" accuracy can't be achieve. An improved dynamic model was introduce for the above areasion.Firstly,the self-set was amended in the process of antigen test which attain the dynamic changes of self defintion,and the new self-set was used in the next process of auto-antibodies tolerance.so the the dynamic nature of tolerance was realized.Secondly,the the life cycle concept was introduced.memery detector,mature detector,and immature detector have certain life cycle, and they can run into other based on the state of network environment. Immature detector transforms into mature detector after negative selection or death; mature detector which match sufficient antigen in the life cycle would transform into memery detectoror death;memory detector that match antigen less than adequate number will be demoted to mature detector.In other words,the status of detection is dynamic.Finally,a comparative analysis of dynamic model and traditional model was did with a experiment simulation, and the reslute shows that the dynamic model has better detection performance.