The Self Region Optimization And Detector Generation Of IDS Based On Immunity

The IDS (Intrusion detection system) is a significant part of network security, which can deal with the problem properly that traditional firewall technique can not. It has a lot of similarities with the biological immune system, such as distribution, variety, adaptability, memory ability, fault-tolerant ability, dynamic stability etc., so it makes the immune system offer a natural research template for intrusion detection. IDS based on immune theory has the important significance for the development of computer network and security technology.The detection performance of intrusion detection system is mainly decided by detector coverage to non-self space, while the negative selection algorithm is mainly adopted by generation of system detector. On account of different types of network intrusion, there are two kinds of detector: Binary and Real-value.For the Binary detector, the deficiencies of the current detector generating algorithms with single affinity matching are discussed, and to solve the low quality of detectors, an improved detector generating algorithm using mix-matching rules is proposed: hamming whole matching and R-contiguous matching in each segment, named MMNS (Mix-matching Negative Selection). And the algorithm is analyzed as well. These experiments show that, the algorithm model can high efficiently generate the needed detectors, evidently enhance the IDS's performance.As to the Real-valued detector, theoretical analysis and experiment results demonstrate that,in a relatively stable time period, the network traffic in unit time is in accordance with the probability distribution. Moreover, owing to the selves coming from the real network, there are surely many improper selves and the self region has a problem of high overlapping coefficient which to reduce the efficiency of detector generating. So, this dissertation optimizes the self region with the probability theory, and then generates detectors using the improved NSA. Experiments show that the effect of self region optimized is prominent, and the generated detectors'detection performances highly efficient.