The Research Of Immune Intrusion Detection Technologies Based On Artificial Immune And Cloud Model

With the rapid development of information network technology, the importance of network is increasing. At the same time, the number of network intrusions are becoming more, the technologies of network intrusions are becoming more difficult to find, the measures of network intrusions, the measures of network intrusions are becoming more diverse. Intrusion detection, as one of the principal means for network information security, focuses on confrontation against intrusion. Because of its own shortcomings, traditional intrusion detection technology cannot cope with the new network environment with large amount of intrusion, quick changes, broaden range. So that, we need a proactive, robust and self-organize defense technology to deal with this challenges. In compatible with the intrusion detection systems, biological immune system can detect the harmful bacteria when they enter human body. This viruses testing as well as having the features like protecting toleration, self-organizing, self-learning and so on. It is the similarity of the modern network security environment needs and biological immune system immune mechanisms. So that, the researchers currently proposed danger theory, negative selection algorithm, immune network theory and other theories to apply to the field of computer security.This paper takes artificial immune system for intrusion detection technology as the main research point. Based on the detailed analysis of the network environment, the paper describes the technology of artificial immune intrusion detection, achieve a series of valuable research results. The main contents and results are reflected as the following:(1) Proposed an anomaly detection model based on cloud model and dangerous theory. First of all, analyzing the advantages of anomaly detection in the case of real-time, which can effectively detect harm signals. Secondly, combining with the cloud model, this chapter proposes means to measure the data abnormal degree. Anomaly detection model is divided into two parts: the cloud data processing module, and DCA anomaly detection module. The data processing module use Chi-square statistical method to establish the degree of difference between normal cloud model and the test data. Then the DCA detecting module convert the difference degree to the input signal of antigen and test data, in order to count the degree of abnormality.(2) Proposed a cloud-based immune intrusion detection system. Firstly, based on the features of cloud model, this system focuses on the feasibility of applying the artificial immune system under a cloud computing environment. Secondly, combining with the MapReduce parallel technology and design ideas of CARDINAL, this chapter proposed a cloud-based immune intrusion detection system. The system can effectively simplify the various types of input antigen, detect the harmful data and the variability data. At last, taking an experiment to testify the efficiency of the proposed system, which shows it can significantly improve the detection in the distributed computing environment.