Research And Application Of Immune Intrusion Detection Technology Based On PCA-AKM

Posted on: 2019-10-14
Degree: Master
Type: Thesis
Country: China
Candidate: L Niu
GTID: 2428330578972716
Subject: Computer application technology
Abstract/Summary:
As an active security protection technology, intrusion detection can solve network security problems effectively. However, current detection technologies suffer from low detection efficiency, poor self-adaptability, and a high false alarm rate. Starting from the perspective of clustering algorithms and artificial immunity, the paper studies how to improve the effectiveness of intrusion detection. The main contents are as follows:

(1) The K-means algorithm selects its initial clustering centers at random, which makes cluster analysis results unstable. The paper proposes the PCA-AKM algorithm, which uses a custom indicator, Dw, to choose the initial clustering centers and so avoids the instability of the clustering centers. The algorithm uses principal component analysis to extract the main components of the data set, achieving dimensionality reduction. Compared with other improved K-means algorithms on UCI data sets, PCA-AKM has higher clustering stability. Experiments show that the algorithm has a high detection rate and a low false detection rate on the KDD CUP 99 data set, which is used to simulate intrusion detection, and that it can effectively improve the accuracy of intrusion detection.

(2) To address the low detection accuracy and poor self-adaptability of clustering algorithms for unknown intrusion behavior, a hybrid intrusion detection model, PCA-AKM-AIID, is constructed from the PCA-AKM algorithm and an artificial immune system. The model consists of three parts: the PCA-AKM detection module, the first-generation immune detector module, and the immune response module. Incoming data is first examined by the PCA-AKM module. Data detected as non-abnormal is passed to the immune response module for secondary detection, and data detected as abnormal is passed to the first-generation immune detector module, where immature detectors are generated. An immature detector undergoes self tolerance to become a mature detector. When the number of matches between a mature detector and non-self data exceeds the threshold p, the mature detector evolves into a memory detector. The detectors are dynamically updated through this continuous evolution. Experiments show that the model's performance is stable and that it can improve the accuracy of intrusion detection and reduce the false detection rate.

(3) An intrusion detection system based on the PCA-AKM-AIID model is designed. The system captures network traffic data and processes it into a form that subsequent modules can recognize. Flow control is applied during capture to prevent excessive traffic from increasing packet loss. Experiments show that using the PCA-AKM-AIID model to detect abnormal behavior in network traffic is effective, that it meets the requirements of intrusion detection under large-flow conditions, and that the system operates stably.
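The detector lifecycle described in part (2), as an added example that is not code from the thesis: records flagged as abnormal by the first stage seed immature detectors, self tolerance filters them, and a match count above p promotes a mature detector to a memory detector. The Euclidean matching radius, the value of p, all class and function names, and the sample points are assumptions; the PCA-AKM verdict is passed in as a boolean rather than computed.

```python
import math

R = 0.5  # assumed matching radius (the abstract does not give a matching rule)
P = 2    # assumed value for the threshold p

def matches(detector, x, r=R):
    """Assumed rule: a detector matches a record within Euclidean distance r."""
    return math.dist(detector, x) <= r

class DetectorPool:
    def __init__(self, self_set, p=P):
        self.self_set = self_set   # known-normal ("self") feature vectors
        self.p = p
        self.mature = {}           # mature detector -> non-self match count
        self.memory = set()        # memory detectors

    def add_immature(self, candidate):
        """Self tolerance: a candidate that matches any self sample is dropped."""
        c = tuple(candidate)
        if any(matches(c, s) for s in self.self_set):
            return False
        if c not in self.memory:
            self.mature.setdefault(c, 0)
        return True

    def respond(self, x):
        """Immune response: secondary detection of a record the first stage passed."""
        if any(matches(m, x) for m in self.memory):
            return True
        flagged = False
        for d in list(self.mature):
            if matches(d, x):
                flagged = True
                self.mature[d] += 1
                if self.mature[d] > self.p:   # match count exceeds p
                    del self.mature[d]
                    self.memory.add(d)        # mature -> memory detector
        return flagged

def pipeline(pool, x, first_stage_abnormal):
    """Route one record the way the abstract describes the three modules."""
    if first_stage_abnormal:
        pool.add_immature(x)      # abnormal -> detector generation module
        return True
    return pool.respond(x)        # non-abnormal -> immune response module
```

The point to observe is that records the clustering stage misses can still be flagged in the second stage, and that repeated hits move a detector into the memory set so later matches are answered without recounting.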
Keywords/Search Tags:intrusion detection technology, Dw, PCA-AKM, PCA-AKM-AIID model