Immune Network And Its Application Research In Network Security Audit

Posted on: 2010-03-14
Degree: Master
Type: Thesis
Country: China
Candidate: X X Kong
Full Text: PDF
GTID: 2178360275463029
Subject: Computer software and theory

Abstract/Summary:
With the rapid development of network technology, network security has become a focus of public attention. Within an organization's network, internal staff hold more system permissions than outsiders, and their illegal operations are hard to detect. Auditing the internal network is therefore an important way to protect computer security. A computer security system should protect a machine or a group of machines from intruders, much as the human immune system protects the body from harmful microbes. Using artificial immune mechanisms to solve network security problems has become a frontier topic in computer security research.

Most commercial security audit products today rely on simple pattern matching and can detect only known attack patterns. A security audit system based on immune principles, by contrast, can detect both known and unknown attack patterns, and can do so more rapidly using incomplete information. The main content of this thesis is as follows:

(1) The thesis first introduces the principles and characteristics of the biological immune system and, by studying the biological immune process, extracts a number of principles from biological immunology. Building on an analysis of biological characteristics and of the immune algorithms and immune models used in artificial immunity, the normal behavior patterns and communication patterns of the monitored local hosts and network systems are treated as "self" and abnormal behavior patterns as "nonself". On this basis, a network security model based on artificial immune mechanisms is established.

(2) After introducing the basic concepts of artificial immune systems, the thesis studies the negative selection model, which is widely used in such systems, with a focus on the detector generation algorithm. An improved algorithm, based on the exhaustive algorithm, is presented as the detector generation method for the negative selection model. The model generates mature detectors with the improved algorithm and develops memory detectors through a memory mechanism. It optimizes the memory detectors within a time cycle and effectively realizes dynamic renewal of the detectors, making it adaptive and lightweight. Experiments show that this method generates detectors more quickly and effectively, and that the generated detector set has a higher positive detection rate.

(3) The thesis uses API hooking to acquire audit data on Windows and proposes an API substitution technique for auditing user behavior. It puts forward a network security audit solution based on the immune network and builds a system model and a design for the main functional modules. The purpose of network security audit is to monitor the whole network and the running status of applications in real time, to detect suspicious or dangerous behavior promptly, to raise alarms and take measures to block such behavior, and to record electronic evidence to prevent repudiation.

Keywords/Search Tags: Immune Network, Security Audit, Generate Detector, Negative Selection Algorithm, API Hook