
The Study Of Unknown Internet Worm IDS Based On Artificial Immune System

Posted on: 2009-10-04
Degree: Master
Type: Thesis
Country: China
Candidate: B J Chen
GTID: 2178360245995301
Subject: Systems analysis and integration
Abstract/Summary:
In modern society, increasing dependence on the Internet highlights the importance of protecting computers and networks against malware attacks. Internet worms, one kind of malware, propagate by exploiting vulnerabilities in the operating system; they propagate actively, metamorphose frequently, and do not depend on a host. These characteristics make them more dangerous than viruses. Detecting Internet worms immediately and accurately is an important topic in academic circles. Although some anti-virus systems and intrusion detection systems have been implemented, most of them detect worms by building a feature database based on known worms. Therefore they respond slowly to new or metamorphosed worms and have a high mismatch ratio, and such worms still cause damage to computer systems and networks. The study of an IDS that responds to unknown Internet worms in time and adapts to the changing and distributed Internet environment has great significance for computer security. That is the purpose of this thesis. At present, IDS detection technologies include feature detection and anomaly detection. Feature detection uses existing intrusion features to create a database and judges intrusions by pattern matching, but it cannot detect novel Internet worms. Anomaly detection defines normal actions and regards deviations from normal actions as intrusions, but this technology easily produces wrong judgements.
On the system implementation side, research on intelligent and distributed intrusion detection systems has achieved considerable results at Purdue University, the University of California at Davis, Los Alamos National Laboratory, Columbia University, the University of New Mexico, and other institutions. Domestic intrusion detection system research is relatively backward, and the intrusion detection technology is in its initial stages. It is worthwhile to study intrusion detection systems based on the mechanisms of the biological immune system. Doing so has great significance for promoting network security research and especially for providing an important basis for intrusion detection technology. The primary means by which organisms resist external intrusion and safeguard their own security and stability is their defense system and immune capabilities. A computer system defending against Internet worms is remarkably similar to a biological defense system resisting external intrusion.
In this paper, I study an unknown Internet worm intrusion detection system based on the artificial immune system, design a detection system model that can detect unknown Internet worms by using a new immune theory, the Danger Theory, and adopting the DCA (Dendritic Cell Algorithm) immune algorithm, and fully describe the design and implementation of the functional modules. The paper first introduces the definition of Internet worms, their functional properties and their propagation mechanism. It then introduces the characteristics and mechanisms of the biological immune system, describes the Danger Theory in detail, and explains the DCA algorithm designed by Julie Greensmith et al. A worm resorts to scanning to spread, so detecting scan intrusions can achieve the purpose of discovering and defending against unknown network worms. Based on this, in the last part of this paper we design a port-scanning detection system model. We use a modular approach to design the functions of the system model and implement it in the object-oriented language C++.
The model is mainly composed of the data collection module, the data pre-processing module, the data processing module and the data analysis module. An improved DCA algorithm is used in the data pre-processing, data processing and data analysis modules. We abstract eight signals from the scan characteristics, and these signals are processed by the DCA algorithm. The detection model has a low false negative rate and a low false positive rate, has the ability to detect unknown worms, and has good robustness, so it can play a great role alongside existing intrusion detection technology. During the internship in the Shandong CNC OMC project, the tasks of designing and programming the system security management and configuring the system's running security environment were helpful in completing this paper.
Keywords/Search Tags: Artificial Immune System, Danger Theory, Dendritic Cell Algorithm, Intrusion Detection System, Internet Worm