Research On IP Traceback Intrusion Detection System Based On Immune

There are two important research direction in the network and informationsecurity, one is to study how to protect the host or network against hazard, forexample, the researchers model the immune system using in the intrusion-detectionsystem(IDS),that will improve the initiative of the IDS, and the self-learning andadaptability are much better. That has become an important research direction in thenetwork security, but it still exists the shortcomings such as the higher rate of falsepositives. The other is to study how to find the hidden attackers in order to carry onthe responsibility and punishment, that is, the research of attack source tracingtechnology. The current attack source tracking technology is represented by thepacket marking technology, this method is simple, but it can’t make the dynamicadjustment adapt for the characteristics of network data, needing the assistance oflarge of data packets.A new kind of attack source tracing model and algorithm based on immuneintrusion detection is raised in this paper by analyzing the advantages anddisadvantages of the existing methods, refer to the intrusion detection and responsearchitecture of distributed intrusion detection system. That is to say, the eventanalysis and response unit of immune intrusion detection system are widelydistributed in the WAN, its initiative for the analysis of network data、self learningand adaptive ability make the attack source tracking technology dynamically adapt tothe characteristics of network data, track for the behavior of the attack or thepotential attack, and not tracking the normal data. This method can improve theefficiency and the convergent speed of tracking algorithm, which is not dependent ona large number of data packets marking and reconstruction.We could classify the immune intrusion detection system better and extract theattack characteristics after confirming the attack data, in order to generate moretargeted testing cells and improve the working efficiency of the immune intrusion detection system.And, immune intrusion detection system based on the optimization of time andpath division has an ideal effect in defending for a single attack.At last, the results of simulation test prove the attack source tracking algorithmbased on immune has a good convergence rate, and it can optimize the intrusiondetection system.