Immunology-based Intrusion Detection Technology

With the rapid extension of internet and wide application of Internet, network security, especially network intrusion, has become ever serious. Therefore, it is quite necessary for us to thoroughly analyze problems in network security, such as intrusion attack, to study intrusion detection technology, and also to develop effective network intrusion detection systems (NIDS). Our research work is valuable and important for the development and application of network information systems. Because the problem faced in computer system is similar with immune system:immune system protect body from the harm from antigen and the computer security system protect computer form intrusion,thus, it is more significant to put the methods and principles of biology immune into the fields of computer safety system.Through the research of current intrusion detection systems and biological immune system, an immunity based network intrusion detection model is discussed and analyzed in full detail from the view of robustness, extensibility, scalability, adaptability and efficiency. Thus the model indicates ways in which we can improve our existing intrusion detection systems. That is applying biological principles, architectures, and algorithms extracted from IS to the design and implement of intrusion detection systems.First,we researched basic theories of immunology, through it,we can refine principles and characteristics of immunology ,we also could summarize some detector generation algorithm and regulations of matching that is applicable in IDS.Through comparion, we use the negetive selection algorithm and r-contiguous matching rule. Second, we put forward a framework model of detector,base on research of immunology theoretics,This framework model is good at simulation with B cell,Th cell and Ts cell in biology immune system so that realized the designing target of this system.Last,we put forward a topology model of the enterprise security ,combined with the principle of immunology,we designed a model system of IDS, This system is built on the open source IDS snort, for its powerful capability to manage plug-in, we could plug immune detecion module into Snort by Preprocessor,realize the model of IDS base on immunology. This model not only can check abuse detection but also anomaly detection。...