Natural And Adaptive Immune-based Network Intrusion Detection Model

Posted on: 2009-09-13
Degree: Master
Type: Thesis
Country: China
Candidate: S F Wang
GTID: 2208360245961048
Subject: Computational Mathematics
Abstract/Summary:
Network intrusion detection methods based on artificial immune principles have become increasingly popular in network security research. With distributed, self-organized, lightweight and multi-layered protection, features that traditional network intrusion detection systems do not support, intelligent intrusion detection methods inspired by biological immune principles are able to detect intrusion behaviors more effectively.

This dissertation proposes a novel network intrusion detection system model that adopts the theories of innate immunity, adaptive immunity and multi-agent systems, building on research into the information processing mechanisms of biological immune systems and on the work of former researchers. It analyzes the features and functions of the main modules of the system model, such as the evidence-based detector, behavior-based detector, knowledge-based detector, feature extractor and response agents, and designs and implements the core algorithms of the most important modules.

The evidence-based detection module is implemented with the theories of innate immunity and artificial tissue. It is quite different from traditional applications based on artificial immune systems, which are constructed with the concepts of adaptive immunity. The evidence-based detector is the first level of shield that protects hosts and networks against network intrusion behaviors. It can actively detect and respond to intrusion evidence when the protected host or network has already suffered a successful attack. The evidence-based detector is able to stop the current intrusion, prevent the same intrusion behavior from appearing again, and collect normal network traffic data sets for future use.

The behavior-based detection module is implemented with the theories of adaptive immunity. This dissertation proposes an immune network-based detection algorithm that differs from traditional intelligent intrusion detection algorithms based on the negative selection and clonal selection principles. The behavior-based detection module can perform both supervised and unsupervised learning and detection of network intrusions. The experimental results show that the proposed method is effective in terms of detection ability as well as time and space complexity.

A detector filtering algorithm based on the negative selection principle is proposed in the last part of the dissertation. The negative selection algorithm has been shown to be unsuitable for detector generation because of its inherent complexity problem. Using it as a detector filtering algorithm rather than a detector generation algorithm seems reasonable, because it can filter out invalid detectors to keep the false positive rate below a pre-defined level without introducing the algorithm's scalability problem to a great extent.
Keywords/Search Tags: Network intrusion detection, innate immunity, artificial tissue, adaptive immunity, artificial immune network