Network Intrusion Detection System Based On Artificial Immune

IDS(Intrusion Detection System) is a security protection system which detects the attempts or the behaviors that harm or threaten the usability, confidentiality or integrality of host or network resources. Recent years IDS has gained great attention because of its important role in computer security field. Intrusion detection techniques have been improved very much these years. However, there are still some limitations in traditional intrusion detection systems, such as distributing, flexibility and efficiency etc. Therefore it is necessary to develop new technologies to improve the overall performance of IDS.BIS(Biological Immune System) is a physiological system which protects organism from external pathogens. It has some advantages which are quite needed by IDS, such as self-organization, distributed protection, immune memory and robustness. There're amazing similarities between IDS and IS(Immune System). So we can make use of some immune principles such as self-learning and self-evolution to improve IDS.In the paper, the main research topics included:First, expounding the basic concepts and principles of intrusion detection systems and biological immune technology, introducing the feasibility as well as the advantages and disadvantages of using the biological immune technology into intrusion detection system.Second, according to CIDF system specifications of IDS, designing new model of NIDS based on biological immune principle, and introducing affinity mutation, gene base optimization in intellective IDS to improve efficiency and accuracy rate of identifying intrusion mode. The model possesses these properties of self-organization, self-learning, self-adaptation etc.,and based on biology immune's identifying self or non-self. The model is mostly composed of the followed four aspects :generate detector, affinity mutation, gene base recombine, detect intrusion. These four aspects form a whole to generate various detectors so that it can realize the purpose of using lesser detectors to detect multiple intrusions:Third, we did simulation experiments using the new model in this paper. We used the packets that distilled from real network and coded by 65 bits to test the system through adjusting these parameters that affect detecting efficiency, and the results show that the new model has better detection rate and low false detection rate.Fourth, concluding the whole research work in this paper. Analysed the problems in the model that need to be solved and forecasted the development tendency.