Research Of Intrusion Detection Model Based On Rough Set And Artificial Immune

Intrusion Detection is a major security protection technology. However the existing intrusion detection is inadequate in detecting unknown intrusion and can only detect known intrusion. Intrusion Detection based on Rough Set and Artificial Immune System uses the rough set attribute reduction theory and refers to the biological immune mechanism. It can compensate for the inadequacy of the existing intrusion detection, and adapt to the current complicated and changeful network environment better. So it has great research and practical value.First of all, the concepts and theories related to intrusion detection are studied, and some common methods of Intrusion Detection and their classification are summarized.Secondly, an Intrusion Detection Model is proposed based on the study to Rough Set theory and Artificial Immune System. In the paper, the structure and composition of the model are analyzed and the key technology of the model is discussed in depth. The model introduces self and non-self concept of Artificial Immune and applies two detectors to Intrusion Detection. The known intrusion is detected by misuse detection and the unknown intrusion is detected by anomaly detection. The decision table which is called by the system is structured by Rough Set theory. The attributes of the table are reduced and redundant information is removed. Extract the rules from the decision table and structure the self-rule base and non-self-rule base, then it can identify more normal behavior and abnormal behavior in the case of smaller scale rule base. The applying of related Artificial Immune principle and algorithm in producing SELF and NOSELF detectors allows the intrusion detection have better dynamic adaptability.Finally, the intrusion detection model is emulated and tested based on rough sets and artificial immune by making use of normal and abnormal system call data of Forest etc. The result indicates that the model can identify normal and abnormal behavior more accurately. It can reduce the false alarm rate and improve the detection rate. So the Intrusion Detection model is practical.