The Research Of Intrusion Detection Technique Based On Artificial Immune System

Intrusion detection based on artificial immune is a focus in intrusion detection research field recently. It realizes detection and reaction to intrusion behaviors by principles,rules and mechanisms in biological immune system. It also has similarity with immune system in essence. Intrusion detection distinguishes normal and abnormal behavior patterns and takes actions to prevent intrusion behaviors while immune system is in charge of recognizing"self"and"nonself"of organism and clears harmful cells. Based on negative selection algorithm proposed in immunology, this topic develops further research in intrusion detection research field.Compared to other intrusion detection techniques, although negative selection algorithm has lots of advantages, it also has defects. Firstly, the database and scale of data processing used by it are too huge to have good space-time efficiency. So this algorithm can't rapidly find intrusion behaviors and its practical application is seriously hindered in intrusion detection field. This paper introduces a data structure, Bloom Filter, which can change storage,enquire and modification mode of basic negative selection algorithm data, reduce scale of data processing and improve enquire speed. This data structure effectively enhances practicality of negative selection algorithm. Secondly, the description of"self"and"nonself"in the system is static and seldom varies after definition. In concrete applications, on the one hand,"self"and"nonself"can't be exactly defined; on the other hand, they always change roles and need timely revision along with time. So description model of static"self"and"nonself"can't meet the need of network monitor in real network surrounding and lacks good adapt ability. In view of these problems, this paper realizes an intrusion detection algorithm with immune secondary response according to autologous set dynamic variable ideology. A dynamic self which has small scale and is easy to program process is proposed to replace huge ego set in original algorithms. Although quantity and range of data in unit time is small in dynamic ego set, this set can still be rapidly processed by programs and cover the whole self space in a relatively long detecting procedure in the end.Contrast experiments prove that negative selection algorithm proposed in this paper can rapidly and accurately detect known and unknown patterns of intrusion behaviors. This algorithm accords well with requirement of intrusion detection technique.