| The HIS (human immune system) can protecte human body by identifying and removing viruses, bacteria and other potential threats effectly even without any priknowlegge of them. In recent years, immune based network security techniques have been widely studied. However, the excisting immune based techniques still have high false negative rate and false positive rate, and poor realtime performance, when applied to intrusion detection. In order to achieve higher accuracy and real time performance, this thesis designed an agent model for intrusion tolerant IP network inspired by the immune cell mode whose surface have a variety of receptors to detect intrusions and receiving signals.The main contributions of this thesis are as follows.a) In this thesis the development of the network agent is described for intrusion-tolerance IP network. This is a novel immune inspired intrusion detection method using an abstract model of immune cell as archetype. And the architecture, functions and implementation of the agent were described in detail. The analysis indicated that the agent is an effective measure for any detection scenario with the advantages as distributed, robust, scalable, collaborated and security.b) Considering the excisting intrusion detection system is difficult to detect an unknown pattern exactly, the definition and rough set theory based mathematical model of gray space were presented. The agent training algorithm was described followed by. And then a new intrusion detection method based on gray space was designed. The analyses and validation using KDDCUP 99 shows that the intrusion detection method is good for both known and unknown patterns with simple classification rules, short detection time and high detection accuracy.c) To take the advantages of collaborated immune, the communication mechanism, group decision workflow and agent antibody transmission method were presented. And security technologies including data encryption, integrity verification and user authentication were brought in to ensure the security of agent communication. A propagation model was modeled for agent in a worm's network by borrowing the methods from epidemiology. And the simulation shows that the network agent performs reliably.The extensive theory analysis and experiment showed that the network agent is a better intrusion detection method with low false positive rate, higher accuracy and faster detect spead. This work is supported by the National Basic Research Program of China (2007CB310706). The noticeable character of this thesis is interdisciplinary interoperability and combining immune theory with network engineering. |
PDF Full Text Request