Intrusion Detection Technology Based On Artificial Immune Classifier

In today’s society, computer network has been widely used in all walks oi-life. Computer technology has really improved the quality of life and efficiency. When people enjoy the high-tech achievements, they have to face an embarrassing reality:the computer network is often invaded, so that to result in major economic losses and serious social effects. Network Intrusion Detection becomes one of the most important and the most popular computer technologies.Network intrusion detection technology is a proactive security technology, providing real-time protection lor computer system from internal attacks, external attacks and incorrect manipulation. While traditional intrusion deteetion system has high rate ol’ missing report and false alarm, single way of detection, poor ability of adaptive and self-learning, it is difficult to meet people’s requirements of network security. In order to solve these problems, we have to make means of artificial intelligence algorithms.The principle of intrusion detection system can be summarized as follows:collecting data from the host or network, then deciding what are the normal data, and what are the attack data according to certain rules. Thus, intrusion detection is a classification problem.The artificial immune classification algorithm AIRS can solve the classification problem very well. An intrusion detection system based on the AIRS algorithm was designed in this paper. The system is composed of five modulcs:data acquisition module, the pre-processing module, feature extraction modulcartificial immune classifier module, response module. The data acquisition module captures network packets to collect data and filters useful information through the use of Winpcap. The preprocessing module reads and analyzes network packets, extracts key attributes and encodes non-numeric attributes. The feature extraction module encodes the training data set. The artificial immune classifier module uses AIRS algorithm to train the antigen(training data) to obtain a classification model, and then classifies the actual data according to the classification model. If there are intrusions, the module notifies the response module. The response module is responsible for accounting the number and specific types of attacks, storing to the database, and outputting alarm information.In order to test the performance of the system, the KDDCUP99data sets, the DARPA1998data sets, and the actual network packets have to be used to test the system separately. The result indicates that, the system has high detection rates and low false alarm rate, and has high classification accuracy and the abilities to detect unknown attacks.