Based On The Distributed Intelligent Intrusion Detection System Research

As an active and voluntary protection system, intrusion detection system is an ideal complement to the firewall. The system not only provides real-time protection for information, but also heads off and responds to intrusions before the system vulnerable to assault. In order to ameliorate the real-time, intelligence, detection efficiency, accuracy and robustness of intrusion detection system at furthest, distribute intelligent intrusion detection system (DⅡDS) employs some artificial intelligent techniques into intrusion detection system or its model forming and designing, in the distributed environment.The DⅡDS is designed to improve the time lapse of intrusion detection system in detection, as well as to ameliorate the intelligence and recoverability of intrusion detection system. A new intrusion detection method based on the principle of immune privilege is proposed, which breaks through traditional intrusion detection concept to head off all possible intrusions as much as possible. While a new type of intrusion occurs, the method employed to trigger mechanism of immune privilege not only can stop new type invasion from further information destructions, but also can learn and eliminate new types of intrusion. At the same time, the normal or degraded service is still provided unceasingly to users. So, the DⅡDS can carry out an immune evolution in a short time.In the system, in order to improve the time delay of intrusion detection system, a detection module based on of the network traffic intelligent forecasting is designed. The prediction activities of intelligent prediction Agent are simulated in a manual way. By analyzing and comparing, the accurateness of the prediction method employed by intelligent prediction Agent is attested to be feasible. Furthermore, a trigger base on immune privilege, as an improving part of distributed intelligent intrusion detection system, is built. Reference to the mechanism of immune privilege in the medical life and biological immunity principle, and integrating intelligent Agent technology, a mechanism (immune privilege) for the intrusion screening, as well as save recovery after intrusion occurs, is constructed in distribute intrusion detection system. Finally, in order to achieve transferring the user’s information in security and the immune evolutionary of intrusion detection systems themselves, an immune privilege Agent transplant (IPAT) mechanism is constructed. The performance of system is tested and analyzed by an emulation test. The data sets used in the test is from the famous data set KDDCUP99. Tests show that the distributed intelligent intrusion detection system constructed in this dissertation achieves amelioration on real-time and fail detection rate.