Research On Active Response Mechanisms Based On Immune Principle

With the rapid development in the computer networking technology, network intrusion technology is making steady progress. The advance in complexity, automation and intelligence of invasion means are increasingly jeopardizing networking security, and, therefore, imposes great challenges on improving capability in responding to network intrusion, Since traditional passive response mode is difficult to meet the rapidly increasing requirements in networking security, active response mode becomes a popular research topic. In this thesis, we have studied the active response mechanism in the Active Response Model and Active Response Strategy, and designed Active Response Mode based on the Immune Principle. Based on the Immune algorithm, we have also proposed an optimal strategy selection algorithm for the Active Response mode.This theis first discussed the immunity detection, immune response and immune feedback mechanisms in biologic immune systems, and then analyzed principles and methods in active response. Based on the analysis, we designed an active response mode based on immunity principles. The model effectively integrates the functions of intrusion detection and active response. The model is able to detect intrusion collaboratively and accurately using B and T detectors, develop Active Response Strategy promptly, adjust the Active Response Strategy dynamically, and respond to attacks timely, especially to repeated similar attacks. The model is timely, self-adaptable, legitimate and valid.The existing mechanisms in selecting active response strategies only take into account the response cost from the defenders'point of view, not consider the impact of the attackers. This thesis investigated the issue from both attackers'and defenders' perspectives based on the Game Model, constructed a Game Model taking into account both attackers and defenders, and evaluated the benefits and costs of both attackers and defenders. Based on the above analysis, this thesis then developed a double population based immune co-evolutionary algorithm to select the strategies for both attackers and defenders, aiming to maximize benefits and minimize costs for both attackers and defenders. This thesis finally conducted experiments to evaluate the effectiveness of the proposed algorithm and the rationality in the strategy selection. The experimental results show that the proposed algorithm is effective and stable, and the strategy is valid and feasible.