The Research Of Intrusion Detection System Based On Machine Learning And Artificial Immune Theory

Intrusion detection technology emerged in the last 20 years, which is an active security technology to protect computers against the attacks on network, it also can test the network without affecting the network performance, thus providing real-time protect for internal or external attacks and misuse operation.This paper firstly introduces the need for intrusion detection system, the kinds of intrusion detection system and the design of the model, which includes intrusion detection system's general processes and its function, and also points out the common problems and weaknesses of existing intrusion detection system.Then, we sum up in the second chapter reviewing the applications of artificial immune algorithm in computer security and the development of immune-based methods in network security and intrusion detection system field in recent years, also the work of immune-based intrusion detection system in recent years is summarized.In chapter III we introduce the negative selection algorithm based on artificial immune system, which takes the self-nonself recognition principle. In this chapter we list the five most commonly used kinds of sequences of system calls of the current test model, and introduce short time-series analysis method to test the sequence of system calls, finally we adopted a series of experiments to verify the effectiveness of the short time-series analysis method based on the negative selection algorithm.Chapter IV introduces the machine learning method used in the intrusion detection system. Taken in this chapter, two different kinds of classifiers are combined, and combining the two quite different classifiers can have a better robustness. Experiment results show that taking a weighted combination of the two classifiers can do better than the performance of a single classifier, and the invasion of behavior can be easily identified, making the method in this chapter maintain a high detection rate and also a low false alarm rate.Finally, chapter V gives the demonstration of the system, and our intrusion detection systems takes client /server architecture. The intrusion detection system mainly detects the data under the Linux operating system produced by the process of system call sequence and the use of process resources. The software is developed under Linux environment, and we use Vmware, a kind of virtual machine software, to install Linux operating system in Windows to realize the intrusion detection system. Experiments show that the system is successful to detect the invading virus.