The Research Of Immunity Based Intrusion Detection System

Recently, there are more and more attacks to the information systems. Because of the inherent defects, the existing intrusion detection technologies are inefficient to deal with this condition. They show weak self-adaption and poor detection efficiency, etc.. Aiming at solving these shortcomings, the thesis researches key technologies on the intrusion detection and the principle on immune mechanism. By applying the immune theory to the intrusion detection system, we achieve an immunity based intrusion detection system.Firstly, this thesis introduces the principle on intrusion detection and indicates the limitation and the development trend of the exiting IDS. Secondly, the biological foundation, the principle and the feature of the artificial immune system are expounded. Two main immune system algorithms, namely, the negative selection algorithm and the clonal selection algorithm are analyzed in detail. Then, by analyzing the existing detector generation algorithms, the thesis advances a novel detector generation algorithm-- MAMA. This new algorithm makes the match of the feature field in perfect accord with reality with avoiding inefficiency because of a long r. Finally, we design an immunity based on the intrusion detection system with above-mentioned technology.This thesis presents a kind of encoding method of intrusion detection model based on artificial immune system in order to improve the speed of generating detectors and running detectors because the length of encoding is short. In addition, gene recombination method instead of the method of randomly generating candidate detectors is used. Accordingly, the useful detectors are generated efficiently. We apply the high frequency connection mode to filter network data packets by analyzing the deficiency of the Dynamics which makes the detection performance decrease because of a large number of co-stimulation. Finally, we implement the IBIDS with the dataset kddcup99 as data source. Experiment results and algorithm analysis show that the IBIDS can detect the unknown attack behavior more efficiently and has a good correct detection rate with a very low misdetection rate.