Study On Memory Detector Based On Artificial Immune System

With the rapid development of computer technologies and network technologies, the computer and network intrusion problems become more and more serious. In order to protect the system resources, an active defense mechanism different from firewall and anti-virus software need to be established to detect the intrusion. Intrusion detection system is a series of active defense measures which will be capable of monitoring the dynamic behaviors of network or computer system and determining whether an intrusion exists. Because of the deficiencies in traditional intrusion detection methods, how to actively defense and effectively suppress the illegal behavior in computer or network becomes an urgent problem to be resolved in the computer security.In the nature, the immune system successfully protects the organisms from foreign pathogens infection. It's a highly evolved biological system which is specific, capable of self-learning, diverse, adaptive, dynamic and self-organizable. The features and mechanisms of the immune system are also very helpful to the establishment of the new generation of intrusion detection system. This paper will give a deep research to the evolving mechanism of the biological immune system, design an effective model and algorithm which oriented to intrusion detection system, and then establish an intrusion detection system based on the artificial immune. Generally, the research includes:To solve the self dynamic change in intrusion detection system, the problems of self definition are discussed, an identified self definition is proposed, the self representation is analyzed, and the self set determination method based on binary is proposed. Aimming at the low detection rate and high false-positive rate of mature detectors, a generated evolution algorithm of memory detectors is proposed based on immune memory theory. In the research, the detectors are classified based on the reference of immune antibody repertoire. A dynamic eliminated demotion is performed on the memory detectors based on the reference of replacement algorithm in cache. The hypermutation operator and genetic operator is used to vary the memory detectors. The series of moves have improved the detection rate and lowered the false positive rate.Aimming at the existing disadvantages of intrusion detection model based on the artificial immune, a dynamic multi-level intrusion detection model mainly with memory detectors is established. In this model the Co-stimulatory signal is added to the process of detectors'evolution and detection. The automatic update function of self, the negative selection algorithm of immune detectors and the dynamical change mechanism are used. The experimental results proved that the detector self-learning function, the self-adaptability and dynamic function is implemented in the detector set mainly with memory detectors, the detection rate of intrusion detection system is improved, and the false positive rate is also reduced.