Study On Intrusion Detection Model Based On Artificial Immune

It is an important context to research on intrusion detection for the network security.But there are many problems that low detection rate，low agility, ignoring ofunknown attack and the legging behind of rules updating in the existing intrusiondetection systems. The vertebrate immune mechanism based artificial immune systemhas so many advantages of parallel processing, self-learning, self-adaption and thesame function as the intrusion detection system to protect computers against the local ordistant intrusions. So the combing of the artificial immune system and intrusiondetection system has become an new hot research area[1,2]. In order to solve theproblems in the existing intrusion detection systems, some work has done to improvethe traditional immune systems.Analyzing of defects in the artificial immune mechanism based intrusion detectionsystem and based on Hofmeyr’s distributed artificial immune system model ARTIS, animproved artificial immune system model has proposed in this paper. The improvedmodel, which used the protocol analysis technology to make co-stimulation of theimmune module and taken weight based r-continuous matching rules to improvematching accuracy of the antibody-antigen reactions, has enhanced the detection rate TPfrom70%-75%in ARTIS to80%-85%,and reduced the detection error FP from20-25%in ARTIS to12%-14%. The scales of memory detector and mature detector has alsoreduced from240-260and120-130in ARTIS to210~220and95~105. The storm typeattack detection algorithm with the over15M flow rate and attacks made the ARTISmodel stop working while the improved model still has a Considerable throughput.The OPNET experiments to the ARTIS model and the improved model has shownthat the improved model raised the detection rate but reduced the detection error rate;reduced the scales of memory detector and mature detector; higher throughout thanARTIS in the case of large flow data and attacks.The protocol analysis algorithm and the storm type attack detection algorithm areimplemented by the co-stimulation module in the improved model, which combined theadvantages of excellent representation, high accuracy and small system expenses inprotocol analysis technology and the virtue of self-learning and self-adaption in artificial immune technology together. The simulation test has validated the feasibilityand validity of the improved model.