| In recent years, immune-based intrusion on detection technology has become a key research field in intrusion detection system. Its prominent character is that it can explore natural immune logical theories, mechanisms and principles for detection and reacting to intrusions. Network security can be considered as immunity of a computer, because the mechanism of network intrusion is similar as that of biological viruses in essence. Biological immune system shows its nearly perfect immune function for computer immunity, we hope that based on biological immune principles, a robust and powerful computer immune system can be built up .In this paper, we take the above mentioned as a background, biological immune principles as a basis, the fine and deep research work on the subject named Network Intrusion Detection based on Biological Immunity is studied.The primary work of this paper show as follows:Firstly, since the model lack of self-adaptive to the self dynamic changes in the network intrusion detection model based on the immunity, its lead to high rates of false positives and false negative. In order to improves the self-adaptive of the network intrusion detection model under the dynamic environment and make the model can work well under the changeable environment, on the basis of studying the working mechanism of artificial immune system completely, a new model of self-adaptive network intrusion detection was presented .The IDS takes network packets as detecting data resource and has the advantages of detecting unknown intrusion; in addition, a new method to generate and evolve of detectors is put forward that can update automatically to keep synchronization with self. Secondly, with the ever increasing deployment and usage of gigabit networks, the flow of network data packets grows quickly and often leads to a large number of data packets have not time to be analyzed. That is to say, at present, the IDS (Intrusion Detection System) is unable to requirements of long-term capturing the packet and trend analysis. To alleviate the aforementioned problem, at the data collection phase, we have implement an adaptive sampling scheme that intelligently samples incoming network data to reduce the volume of traffic sampled, while maintaining the intrinsic characteristics of the network traffic. The adaptive sampling algorithms dynamically adjust the sampling rate based on the observed sampled data.Thirdly, in the adaptive evolutionary negative selection algorithms and a real coding Immunity Clone Selection Programming based on Chaos, an adaptive mutation operator is deeply researched which the random or determine variation is instead of by adaptive. According to clone selection principles, the seized data packets were pretreated and those attributes of the data were used normalization real number coded .The chaos principle and the Prior Knowledge of antigen well applied which were used to generate high affinity candidate set of detectors. According to the detector affinity, different mutation operator and evolve strategy were used to evolve detector set. Experiments did on the intrusion detection data, results show that this algorithm not only decreases the false negatives rate with maintaining a high detection rate, but also increases the evolving efficiency of detector. |
PDF Full Text Request