
Research On Variable Detector In Intrusion Detection System

Posted on: 2009-09-28
Degree: Master
Type: Thesis
Country: China
Candidate: H Liu
Full Text: PDF
GTID: 2178360245486569
Subject: Computer application technology

Abstract/Summary:
In recent years, network security problems have become prominent as computer network technology has developed. Intrusion detection systems, as an important part of information security safeguard systems, have attracted the attention of many experts, and research on them has become one of the hot topics in the information security field. The operating mechanism of an intrusion detection system is naturally similar to that of the human immune system. The theory of how the immune system protects the body from invasion provides a new way to investigate intelligent intrusion detection systems. Using artificial immunity mechanisms to address the shortcomings of intrusion detection systems has become a frontier subject in information security research.

Firstly, this thesis introduces the definition, structure, classification and commonly used methods of intrusion detection. It then introduces the related definitions and theories of artificial immunity and mainly analyses the similarity between artificial immunity and intrusion detection. It then introduces the definitions, models and algorithms of intrusion detection systems based on artificial immunity.

Because the detector generation algorithm is a key algorithm in an intrusion detection system based on immunological theory, and based on analysis and comparison of commonly used intrusion detection methods, we find that current detector generation algorithms suffer, to a greater or lesser extent, from low generation efficiency, holes and redundant detectors. By analysing the problems of holes and overlapping detectors, we introduce the concept and algorithm of the variable length detector. We then construct a new detector, called the variable detector, by combining the multi-level negative selection detector and the variable length detector.

Secondly, the low-level (binary) detector adopted by traditional network intrusion detection systems prevents the extraction of meaningful domain knowledge and cannot cover the Nonself space perfectly. In this thesis, the methods of constructing the binary self set and generating valid detectors are improved, and real-valued negative selection algorithms are studied. Real-valued detectors are added to the hybrid detector collection to detect abnormal behavior of both packets and sessions at the detection stage.

Finally, we run experiments on the variable detector and the hybrid detector. Preliminary results demonstrate that the approach improves the efficiency of the negative selection algorithm, reduces the number of holes and raises the detection rate, without a significant increase in complexity.
Keywords/Search Tags: intrusion detection, artificial immunity, negative selection, detector