Immune Principle-based Enterprise Network Intrusion Detection Technology

Posted on: 2008-10-31
Degree: Master
Type: Thesis
Country: China
Candidate: X D He
Full Text: PDF
GTID: 2208360215484897
Subject: Computer technology
Abstract/Summary:
As enterprise informatization accelerates in our country, the security problems of enterprise networks have become increasingly serious. The Intrusion Detection System (IDS) is becoming an important component of the enterprise network security system. Yet most traditional IDSs use rule-based feature detection, which suffers from bottlenecks in acquiring and updating intrusion rules and lacks effectiveness, adaptability and scalability. To address this problem, the author studies IDS based on the immune principle: by simulating the features and functionality of the biological immune system, the author builds a network intrusion detection system (NIDS) model and mainly analyzes key technologies such as detector generation, optimization and reconstruction.

Firstly, the author analyzes the principle and mechanism of the immune system. The definition, description and coding of the "Self/Nonself" sets are established based on an analysis of the similarity between the immune system and IDS. Through analysis of existing detector generation algorithms, a candidate (initial) detector generation algorithm is improved based on Forrest's Negative Selection Algorithm. The experiments show that the improved algorithm enhances the production efficiency of the detectors. Based on previous research, the pattern string matching rules and the memory detector optimization strategy are also studied. To adapt to a dynamically changing network environment, a detector reconstruction algorithm is improved, which is proved to improve secondary reaction speed and maintain the dynamic equilibrium of the detector set.

Secondly, the author analyzes the common NIDS and immune-based NIDS models. Building on improvements to Kim's model, a preliminary enterprise network intrusion detection system model based on the immune principle is constructed. The physical and logical structure of the system is also designed according to the actual application environment of the enterprise network of LG Dawn Company.

Finally, partial algorithm tests are carried out and the experimental results are analyzed. The author summarizes the main work of the paper and the problems of this research, and points out the focus and direction of future work.
Keywords/Search Tags: immune systems, enterprise networks, intrusion detection, negative selection, detectors generation