Study On Detector Generation Based On Artificial Immune System

In recent years, the network intrusion detection based on artificial immune system has become a key topic in network intrusion detection research. It is quite similar between the biological immune system (BIS) and computer intrusion detection system. The former protects living organisms from threats of various pathogens such as bacteria and viruses, while the latter helps the computer system to safeguard against outer intrusion. Both of them are trying to maintain the system stability in a constantly changing environment. Inspired by the similarity, immune-based intrusion detection methods are proposed to make the protected system can differentiate illegal behavior as nonself and legitimate behavior as self through imitating the working principle of the BIS.The target of Intrusion Detection System (IDS) based on immune system is to make relatively limited detectors (antibody) to identify relatively unlimited external intrusions (antigen). So detector generation is the crucial step which affects the entire performance and efficiency of IDS. Therefore, this dissertation is especially dedicated to the studies on detector generation.Firstly, this dissertation introduces the concept and classification, and main methods of intrusion detection, then analyzes the disadvantages and potential development in future for intrusion detection.Secondly, basic immunological mechanism and artificial immune system(AIS) necessary for this dissertation are reviewed. The r-contiguous bits(rcb) matching rule used for negative selection algorithm(NSA) and the clonal selection algorithm are analyzed. Based on the analysis, the improvement of the two algorithms is proposed. Thirdly, to reduce the dependence of matching threshold on experience, r-variable algorithm is presented. Detectors can obtain different matching threshold through by r-variable algorithm. To enhance the r-variable algorithm, clonal selection algorithm is introduced. Furthermore, a selection strategy combined both fitness and concentration is presented to improve the clonal selection algorithm.Fourthly, a novel detector generation algorithm based on negative selection named VRGA(Variable R Genetic Algorithm) is proposed. VRGA combines both the clonal selection strategy and r-variable algorithm.Finally, to prove the performance of VRGA, two groups of experiments are performed. One is based on Wisconsin breast cancer data, and focuses on VRGA behaviors under different values of three parameters in VRGA: matching threshold(r), distance threshold (ε) and the adjustment factor (α). Another is based on KDD Cup 1999 data, and is carried out to compare the performance of VRGA and NSA. The results show that VRGA makes a good detection rate and brings self-adaptability to matching threshold.