| With the continuous development of modern network technology and the wide-spread using about micro-blog, Taobao and Alipay, the issue of network security is increasing becoming the focus problem what people concern, which urgently need the researches to solve. And the traditional firewall solves the intrusion attacks only with passive defense, can not actively take measures. In contrast, Intrusion Detection System can initiate a positive response to against intrusion attacks, and protect the system from harm. Therefore now Intrusion Detection System (IDS) has become a popular research direction. And IDS based on Artificial Immune System (AIS), has become the scholars’ research focus. At present, IDS, which is based on danger theory, is a new method of intrusion detection. It has a good function in the detection performance, and can greatly improve the safety performance of the network system. Now it has also been widely used in other fields of computer security.In this paper, we firstly introduce the basic concepts of the Intrusion Detection System, and describe its principles, the simplified model, the basic classification and the use of technology. Then we introduce the basic concept, the immune processes and the characteristics of the Biological Immune System (BIS). And the following, we introduce the AIS model, which simulate the BIS, and explain several algorithms that based on AIS. We could acquaintance that there are a series of problems and defects in the IDS, which is based on the traditional Artificial Immune System.Then we make further research on the Intrusion Detection System, which is based on danger theory, and describe its method of detection-DCA algorithm. The algorithm has no need to define features, no training phase, linear computation of lightweight, fault tolerance and robustness. But at present the DCA algorithm, which may cause the differences of time and produce false alarms, is off-line analysis that can increase the false alarm rate and lead to a successful attack occurs, which is fatal to an intrusion detection system. Therefore, this paper has done the following work:1. In this paper we integrate the segmentation DCA algorithm of online analysis component, and divide segmentation into smaller. There will be a series of information processing is divided into smaller parts according to the antigen sampling quantity or time. And each slice analysis independently, and that can be identified in time for each slice in the instruction.2. By introducing the slice method to realize the real-time and periodic analysis, and gives the pseudo-code of DCA algorithm of on-line real-time analysis components, so that it can improve the speed of detection without affecting the detection precision. So it is a higher detection efficiency measurement in intrusion detection.3. The on-line analysis components of the DCA algorithm is applied to SYN scan data test, and we get the result of the experiment. Analysis and comparing the results, we get that the DCA algorithm of on-line real-time analysis components is the effective solution to the time difference problem of the DCA algorithm in off-line analysis, confirmed the feasibility of this method. |
PDF Full Text Request