Research And Application Of Artificial Immune System For Misuse Detection And Multidimensional Pattern Matching

With the rapid development of Internet technology,how to protect the stability and security of the network environment in the complex environment of frequent network attacks and increasing attack means has always been one of the important issues studied by scholars.The complexity and diversity of network attacks almost make the traditional attack detection system obsolete.Inspired by the development of biology,the immune algorithm based on the immune system of the organism itself has sprung up.The misuse detection system is highly consistent with the human immune system,which is to protect itself from external attacks in the external environment.Misuse detection technology,as one of the classification of intrusion detection technology,constructs a feature base for known attacks,and judges whether it is an attack by matching the collected information with the information in the feature base.The traditional misuse detection method has a huge demand for attack data,and the diversified attack characteristics lead to a low detection rate,and can only match the completely known attacks,and has no detection ability for unknown and variant attacks.At present,the attack detection technology based on artificial immunology is one of the international cutting-edge technologies.In the field of multi-dimensional attack pattern matching for misuse detection,it can more effectively solve the above problems.This paper focuses on the artificial immune system for misuse detection and multi-dimensional pattern matching,and designs:(1)negative selection algorithm based on chaos theory,(2)clonal selection algorithm based on genetic algorithm,(3)according to the above two algorithms,an artificial immune system for misuse detection and multi-dimensional pattern matching is constructed,which realizes the effective detection of network attacks through pattern matching of multi-dimensional attack characteristics.The main research contents and innovative achievements of this paper are as follows:(1)This paper designs a negative selection algorithm based on chaos theory.The feature sequence generated by this algorithm has better coverage ability and higher efficiency than the traditional methods.Traditional artificial immune system generates random feature sequences through negative selection algorithm for pattern matching with security information features.This process requires a wide range of feature coverage and will produce large performance overhead.In order to solve this problem and improve the performance of the traditional negative selection algorithm,the logistic regression mapping of chaos theory is used to generate random feature sequences.Based on the initial value sensitivity of logistic mapping,even if a large number of random sequences are generated in a short time,it can ensure better random performance and wider coverage of the feature patterns of the generated random sequences.(2)This paper designs a clonal selection algorithm based on genetic algorithm,which makes the random feature sequence converge to the attack feature faster,and then has a better matching effect on variant attacks.The traditional artificial immune system makes the pattern sequence more similar to the attack feature sequence through clonal selection algorithm.Due to many attack features,this process usually requires multiple rounds of iterative process,which is inefficient.In order to improve the speed and achieve better convergence performance in the case of limited resources,this paper draws lessons from and adopts the operator of genetic algorithm as the iterative operator in clonal selection algorithm,which makes the algorithm pay more attention to the nature of global optimization,avoid the possibility of falling into local optimal solution,achieve better convergence effect,and make the feature sequence have aggressive characteristics faster.(3)Combined with the above two improved immune algorithms,an artificial immune system for misuse detection and multi-dimensional pattern matching is proposed in this paper.Compared with the traditional misuse detection system,this system can only match the completely known attack characteristics,and has a higher detection rate when detecting unknown attacks or attack variants.The system adopts the combination of non-specific immune module and specific immune module,which reduces the cost of specific immune module to match known attacks.For attacks with known characteristics,they are directly intercepted in the non-specific immune module(skin in biological immunity),and the characteristics of known attacks are stored through hash value,which reduces the storage overhead.For the data that is not intercepted,it is sent to the specific immune module for data verification.If it is determined to be an attack,the information is transmitted to other hosts in the distributed network,It is used for non-specific immune module interception when other hosts encounter such attacks.The test shows that compared with the traditional system,this system can reduce the space storage and have a certain detection ability for unknown attacks.Therefore,compared with only detecting known attacks,this system has a higher detection accuracy.