Mimicry Method Based On Immune Danger Theory

Posted on: 2016-02-01 | Degree: Master | Type: Thesis
Country: China | Candidate: H Zhou | Full Text: PDF
GTID: 2308330464961261 | Subject: Computer Science and Technology
Abstract/Summary:
With the wide application of computer networks, network security problems have become a current focus. The biological immune system's immune recognition, distributed detection by immune cells, immune adaptability, immune memory and so on are very similar to the characteristics an intrusion detection system needs. Research on intrusion detection that simulates biological immune mechanisms has therefore attracted wide attention. However, traditional artificial immune intrusion detection methods are based mainly on the self/non-self model and commonly suffer from a low detection rate and a high false positive rate, which makes it difficult for them to meet varied network security requirements. Immune danger theory bases the immune response on danger signals: it argues that the key factor that starts the immune response is the danger signals produced when invaders cause body cells to die or become diseased. As long as danger signals are present, antigen-presenting cells can activate the immune response, without needing to consider the problems of self and self-tolerance. To address the problems that traditional detection methods cannot effectively detect unknown attacks, have a high false positive rate and have low detection efficiency, this thesis puts forward a mimicry detector based on immune danger theory (the IDTMD detector), a dynamic detection and control algorithm for testing-organizations (TODDCA), and an adaptive adjustment algorithm for the mimicry detector (MTOCSA). The detector consists of several testing-organizations, and each testing-organization is composed of many different detection-cells. In testing, a testing-organization is the smallest independent unit that can complete a test task.
The IDTMD detector generates a number of testing-organizations that test the detected signals. The detector then dynamically adjusts the number and types of testing-organizations and detection-cells according to the number and types of detected signals and of danger signals that have been detected by the mimicry algorithm, so as to realize the dynamism, diversity and randomness of mimicry detection. The TODDCA algorithm is based on the classification of danger signals. It calculates the affinity between a detected signal and the characteristic code in a detection-cell to judge whether the detected signal is a danger that the detection-cell can recognize. At the same time, it dynamically adjusts the number and types of detection-cells according to the number and types of detected signals, which fully reflects the dynamic combination of testing-cells and the diversity of testing-organizations. Experimental results show that the detector using the TODDCA algorithm has a high detection rate and a low false alarm rate, and improves the detection performance of the. The MTOCSA algorithm dynamically adjusts the number and types of testing-organizations according to the number and types of detected signals and of danger signals that have been detected by the mimicry algorithm. The experimental results show that the IDTMD detector not only improves the adaptive ability of the network attack defense system, raises the detection rate and lowers the false alarm rate, but also enhances the detector's adaptive capacity and improves resource utilization. In addition, when the testing amount reaches a certain scale, its first response time and second response time are less than those of the average detector.
Keywords/Search Tags: immune danger theory, detection cell, mimicry testing organization, mimicry detector