The Application And Research Of Intrusion Detection Technique Based On Immune Algorithm And Fuzzy Theory

The intrusion detection system which acts as the pivotal technique in current network security has been playing an important role in various fields. As is well known to all,the immune system is similar to the intrusion detection system in many aspects. So the intrusion detection system which bases on the immunology has become the research hotspot.Summarize the pivotal techniques in intrusion detection system,research the immune theory and various immune algorithms,analyse the fuzzy theory,and sum up the application of immunology and existent problems. Some problems cannot be ignored,such as that it is so difficult to obtain the pure data sets to define self modes,and the traditional detection rules neglect the fuzzy boundary of normals and abnormals,and using the traditional negative selection algorithm results in the complex calculation and lower efficiency when generating the detections and matching with the modes. Aimming at these flaws,it is presented a new intrusion detection mode——an analyzing mode based on the immunology and fuzzy knowledges.Before the network data stream entering the detections,use fuzzy c-means clustering technique to pretreat the data and obtain the pure self modes with which to train detections. And then throw them away. This method can reduce the next matching work. And the next step is that using immune detection modes to monitor the data sets which include lots of abnormals. The importance of fuzzy detection rules will be emphasized,and its expression method will be deeply researched. And it is presented to use the good searching performance of immune algorithm to generate fuzzy-detectors. Finally,the experiments prove that using the presented detection method has a powerful advantage in obtaining pure training data,and it could reduce the detectors and data's matching computation enormously,so the load of system has been eased greatly. And the generated fuzzy rules express the self and nonself very compactly. It could cover more abnormals with less detection modes. And the fuzzy rules could reduce the frangibility of detectors greatly. On all accounts,the presented method have a better detection effect.