
A Study On Danger Detection Based Immune Intrusion Detection Technology

Posted on: 2008-01-17
Degree: Master
Type: Thesis
Country: China
Candidate: S Li
GTID: 2178360272969841
Subject: Computer application technology
Abstract/Summary:
With the increasing popularity of the Internet and the spread of Internet viruses and hackers, Internet security problems have become increasingly prominent. Intrusion detection technology is a research hotspot in the area of computer security. Intrusion detection based on immune principles is a new research direction that provides a more proactive security protection mechanism. In-depth study of its development has revealed some problems: the demarcation between "self" and "nonself" is too sharp, which may lead to mistaken identification, and real-time pattern recognition degrades computer performance.

The emergence of danger theory offers some inspiration for addressing these problems. The object that danger theory recognizes is "danger", and it is more reasonable to recognize "danger" than "nonself". By dividing danger into levels, it can draw a soft border between "danger" and "security" and thus reduce false identification. How to detect danger is the key problem that must be settled when danger theory is applied to intrusion detection.

From the perspective of computer system parameters, danger can be detected by extracting the parameters and computing on them. The thesis plans to use a tool for describing uncertainty, the Cloud Model, to map between continuous quantitative system parameters and the danger level, which is a qualitative concept. According to a priori detection rules, a Cloud rules generator can process continuous system parameters for different concepts in order to produce danger signals of different levels. The related algorithms are presented.
Building on danger detection, the traditional immune-based intrusion detection technology is improved: a danger detection stage is added before "self/nonself" recognition, and "self/nonself" recognition is then activated by danger signals. This avoids the heavy system overhead caused by a large number of matching tasks, improves detection efficiency, and reduces the false identification rate, especially the false positive rate.

Following the discussion of the related technologies and algorithms, a layered intrusion detection model based on danger detection is designed, combined with multi-agent technology. The system simulates negative selection, clonal variation, memory cells, and the basic principles and mechanisms of the biological immune system. Intrusion detection tasks are assigned to six agents, such as the monitor agent, generator agent, antigen brought agent, detector agent, decider agent, response agent, and communicator agent. Through information sharing and cooperation between the agents, dangerous intrusion actions can be recognized.
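The danger-gated detection described in the abstract, sketched as an added example that is not the thesis's own code: each danger level is a normal cloud (Ex, En, He), an X-condition cloud generator maps a parameter reading to a level, and self/nonself matching runs only when a danger signal is raised. The use of the normal cloud, CPU utilisation as the parameter, the rule values, the function names and the set-membership stand-in for detector matching are all assumptions.

```python
import math
import random

# Constructed a priori rules: each qualitative danger level is a normal cloud
# (Ex, En, He) over one system parameter, here CPU utilisation in percent.
CPU_RULES = {
    "safe":       (20.0, 12.0, 1.0),
    "suspicious": (60.0, 10.0, 1.5),
    "dangerous":  (95.0, 10.0, 1.5),
}
LEVELS = ["safe", "suspicious", "dangerous"]

def certainty(x, ex, en, he, rng):
    """X-condition normal cloud generator: one cloud drop for input x."""
    en_prime = rng.gauss(en, he)          # entropy perturbed by hyper-entropy
    if en_prime == 0:                     # degenerate drop, avoid dividing by zero
        return 1.0 if x == ex else 0.0
    return math.exp(-((x - ex) ** 2) / (2 * en_prime ** 2))

def danger_level(x, rules=CPU_RULES, drops=200, seed=0):
    """Return (level, mean certainty per level) for a parameter reading."""
    rng = random.Random(seed)             # seeded so a reading maps reproducibly
    lo, hi = LEVELS[0], LEVELS[-1]
    scores = {}
    for name, (ex, en, he) in rules.items():
        # Half-clouds at the ends: readings beyond Ex of the outermost
        # concepts belong to them with certainty 1.
        if (name == lo and x <= ex) or (name == hi and x >= ex):
            scores[name] = 1.0
        else:
            total = sum(certainty(x, ex, en, he, rng) for _ in range(drops))
            scores[name] = total / drops
    return max(scores, key=scores.get), scores

def detect(x, antigen, self_set, activate_at="suspicious"):
    """Danger-gated detection: matching runs only on a danger signal."""
    level, _ = danger_level(x)
    if LEVELS.index(level) < LEVELS.index(activate_at):
        return level, None                 # no danger signal, matching skipped
    return level, antigen not in self_set  # True means nonself
```

A reading near a boundary (for example 78) gets a partial certainty for both neighbouring levels, which is the soft border between "danger" and "security" that the abstract refers to.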
Keywords/Search Tags:Intrusion Detection, Danger Detection, Cloud Model, Multi-Agent, Immunity