
Research Of Intrusion Detection Model Based On Biological Immune Principle

Posted on: 2011-08-05
Degree: Master
Type: Thesis
Country: China
Candidate: X D Gan
Full Text: PDF
GTID: 2218330341951105
Subject: Computer software and theory
Abstract/Summary:
As an active network security technology, the intrusion detection system (IDS) has become a research focus and is attracting more and more attention. New intrusion detection technology based on the biological immune principle is self-adaptive, self-organizing, self-learning, collaborative, efficient, intelligent and dynamically adaptable; it could overcome the shortcomings of traditional intrusion detection technology and achieve real-time defense against unknown attacks.

The paper first analyzes the theory of intrusion detection techniques and of the biological immune principle. For intrusion detection, it discusses the detection principle, classification, defects and future development trends. For the biological immune system, it studies the structure, working mechanism, characteristics and associated immune algorithms. It then compares intrusion detection with biological immunity.

Secondly, a new intrusion detection model based on the biological immune principle is proposed, and the key technologies of the model are studied. The model is inspired by the principles of the B-cell and T-cell in the biological immune system and is composed of three modules: the feature extraction module, the detection module and the alarm module. By extracting and pre-processing features from network data packets, the feature extraction module provides the data sets to be detected to the detection module. It also forms the description of the initial "self" set and dynamically updates that set through a continuous update mechanism. In this way it overcomes some drawbacks of the static "self" set in traditional intrusion detection, so it is possible to adapt to changes in the network environment.

The detection module uses two detectors, B and T, to recognize anomalies and a "common self" set for pre-detection, along with two co-stimulations, to achieve high efficiency, high speed and high accuracy. The detector sets involved in the detection module are all dynamically generated and dynamically updated. To prevent the number of detectors from growing without limit and degrading detection efficiency, the paper proposes an LRU-based dynamic demotion and dynamic elimination mechanism and quantifies the size of the detectors; the initial detectors are generated by a combination of random and variation methods. These measures can greatly improve the accuracy, dynamics, adaptivity and diversity of the model.

Finally, a series of simulation experiments on the new intrusion detection model is carried out using the KDD99 data sets. The experimental results show that the model is better on detection rate, false alarm rate and detection time: it can reduce the false alarm rate and improve the detection rate. The intrusion detection model is therefore practical.
Keywords/Search Tags:Intrusion detection, Immune, Model, Dynamic demotion, Dynamic elimination