The Study Of Immunity Intrusion Detector Model Based On Danger Theory

Posted on: 2013-11-11
Degree: Master
Type: Thesis
Country: China
Candidate: Y Liu
Full Text: PDF
GTID: 2248330371490504
Subject: Computer application technology

Abstract/Summary:
With the rapid development of computer and network technology, network intrusion has become more and more evident. Existing intrusion detection systems have high detection rates, but they lack adaptability, self-learning, and fault tolerance. An artificial immune system simulates the biological immune system's recognition and clearance of antigens in order to keep the system in balance, and it is fault-tolerant, distributed, and self-learning. In recent years the application of artificial immune theory to intrusion detection has become a research hotspot, a pairing determined by the two fields' similarity in principle and complementarity in function.

This thesis analyzes in detail the flaws of existing intrusion detection systems based on the SNS (self-nonself) model, examines the DCA algorithm in detail, and, building on the DCA algorithm, combines SNS theory and danger theory to propose a new immune intrusion detection model. The main research contents are as follows:

(1) The application of traditional artificial immune algorithms in intrusion detection systems is analyzed in detail; the defects of the SNS model proposed by Forrest are pointed out, and current research on improving it is summarized.

(2) Danger theory and its recent research trends are elaborated, with the main focus on the dendritic cell algorithm (DCA). The algorithm is improved in the following respects:

1) In each antigen-presenting process, N DCs are generated dynamically. Moving from static to dynamic DC generation increases DC diversity and adaptability.
2) The original algorithm presents antigens without considering the effect of the environment. A sliding window is added so that the antigen's environment contributes to the antigen assessment.
3) The original algorithm assesses antigens through an iterative process, whose purpose is to make full use of all the DCs in the DC pool. The improved algorithm uses a single evaluation, which gives an obvious improvement in time.
4) The original algorithm computes the MCAV values together at the end, after all antigens have been presented. The improved algorithm, as a result of the change to iteration, computes an antigen's MCAV value right after the current antigen has been presented.

These changes address the DCA algorithm in three respects: time, diversity, and assessment accuracy. In the experiments, the number of antigens and the antigen environment are varied, and the comparison is made mainly on antigen detection rate and false negative rate. The experimental results show that the improved algorithm has better efficiency.

(3) Combining the SNS model's advantage of easily and rapidly detecting antigens with known characteristics and danger theory's advantage of detecting unknown antigens, a hybrid immune intrusion detection model is designed. The model first uses the SNS model to recognize antigens with obvious characteristics as safe antigens or attack antigens, and attack antigens trigger an immune response. Antigens whose characteristics are not obvious are passed to the danger theory module, which uses the improved algorithm to present the antigen and assess its degree of danger, the MCAV. If the MCAV exceeds the set threshold, the antigen is treated as an invading antigen and an immune response is initiated; safe antigens and antigens with lower MCAV values are allowed into the internal system. In the simulation experiments, the three kinds of models are compared on three performance measures: antigen detection rate, false positive rate, and time consumed.

At present, the study of biological immune danger theory and its application in intrusion detection is still at an initial stage; in particular, the definition and detection of danger signals need further work.
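The two-stage flow described in (3), with the per-antigen DC generation, sliding window, and immediate MCAV calculation from (2), as an added example that is not code from the thesis. The signature sets, thresholds, and event stream are constructed, and the signal formulas (csm = danger + safe, k = danger - 2·safe) are an assumption borrowed from the deterministic DCA simplification, since the abstract gives none.

```python
from collections import namedtuple

# Constructed sample type: one antigen (event id) with its danger/safe signal readings.
Event = namedtuple("Event", "antigen danger safe")

KNOWN_ATTACK = {"sig:portscan"}   # hypothetical nonself signatures (SNS stage)
KNOWN_SELF = {"sig:ntp-sync"}     # hypothetical self signatures (SNS stage)

def mcav_for(events, idx, n_dc=5, window=3, base_threshold=3.0):
    """Present events[idx] to n_dc freshly generated DCs and return its MCAV."""
    half = window // 2
    lo, hi = max(0, idx - half), min(len(events), idx + half + 1)
    # Sliding window: the antigen's own signals first, then its neighbours'.
    env = [events[idx]] + events[lo:idx] + events[idx + 1:hi]
    mature = 0
    for i in range(n_dc):
        threshold = base_threshold * (1 + i / n_dc)  # each DC migrates at a different point
        csm = k = 0.0
        for e in env:
            csm += e.danger + e.safe        # assumed dDCA-style costimulation
            k += e.danger - 2 * e.safe      # assumed dDCA-style context value
            if csm >= threshold:
                break
        mature += k > 0                     # mature context = vote "dangerous"
    return mature / n_dc                    # computed right after presentation

def classify(events, mcav_threshold=0.5):
    """Stage 1: SNS signature match. Stage 2: danger-theory MCAV for the rest."""
    verdicts = []
    for idx, e in enumerate(events):
        if e.antigen in KNOWN_ATTACK:
            verdicts.append((e.antigen, "attack", None))
        elif e.antigen in KNOWN_SELF:
            verdicts.append((e.antigen, "safe", None))
        else:
            m = mcav_for(events, idx)
            verdicts.append((e.antigen, "attack" if m > mcav_threshold else "safe", m))
    return verdicts

# Constructed event stream (not data from the thesis).
SAMPLE = [
    Event("sig:ntp-sync", 0.0, 1.0),
    Event("sig:portscan", 3.0, 0.0),
    Event("unk:a", 4.0, 0.5),
    Event("unk:b", 0.5, 2.0),
    Event("unk:c", 3.0, 0.9),
]

if __name__ == "__main__":
    for row in classify(SAMPLE):
        print(row)
```

The last event shows why DC diversity matters: DCs with low migration thresholds see only its own signals and vote mature, while the rest also absorb the safe neighbour, so its MCAV lands at 0.4 and stays under the threshold.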
Keywords/Search Tags:Intrusion detection, SNS theory, risk theory, the DCA algorithm