
Research on Detector Optimization and Multi-shape Detection in Immunity-based Intrusion Detection System

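【Author】 Liu Hailong (刘海龙)

【Advisor】 Zhang Fengbin (张凤斌)

【Author information】 Harbin University of Science and Technology, Computer Application Technology, 2013, Doctoral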

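【Summary】 The importance of computer network security is beyond doubt. With the rise of third-generation network technology, represented by the Internet of Things, research on computer network security has seen a new surge of interest. Intrusion detection, an important computer network security technology, has kept pace and taken on many new research topics. Artificial immune theory, which is based on the biological immune system, has received close attention from experts and scholars at home and abroad in recent years. As one of its main research hotspots, intrusion detection based on immune mechanisms has remained a focus for these researchers, and the detector, the component that most determines detection performance, has drawn particular interest. This thesis takes the detector as its main research object, the main problems of the detector as the point of entry, and biological immune mechanisms and related theories and methods as the means, and concentrates on detector optimization and the improvement of detection methods.

The dimension of a detector is closely related to its detection performance, especially in the real-valued shape space. To address the holes, high detector overlap and other problems of high-dimensional detectors in the real-valued space, the work borrows the idea of linear matrix transformation and uses principal component analysis to transform the high-dimensional real-valued space into a low-dimensional principal component space while preserving a sufficient amount of information. The affinity function and matching rules are designed in the principal component space, and affinity calculation is used to carry out principal-component-based detector distribution optimization, thereby solving the problems above. Experiments verify that detectors "deformed" in the principal component space cover the nonself space well with little loss of the original information, improving detection performance.

Detector distribution optimization has long been a research hotspot for scholars at home and abroad. To address its many problems, in particular detector partitioning and boundary intrusion, a detector distribution optimization algorithm based on co-evolution and the Monte Carlo method is proposed. First, the idea of the V-detector algorithm is used to adjust the detection radius of each detector and so solve the boundary intrusion problem. Then the co-evolution idea is used to divide the detector set into different subsets, which are optimized through the interaction between subsets, and the Monte Carlo method is used to estimate the current optimization effect and decide whether the expected goal has been reached. Experiments verify that combining these two methods lets the optimized detectors cover the nonself space better and resolves the problems of holes and high overlap well.

DNA technology, an important technology in bioengineering, already plays an important role in many fields. The multiple attributes of a detector can be regarded as different DNA combinations. Building on this idea, a detector update and generation model based on DNA vaccines is proposed: different effective genes are extracted to build a DNA pool, and candidate detectors are constructed from the DNA pool by means such as vaccine synthesis, producing more mature and effective detectors. Experiments verify that the model can update detectors in real time, optimize coverage of the nonself space, and stabilize detection results.

In both the binary space and the real-valued space, the incompleteness of what a single detector contains has kept detection results unsatisfactory. To solve this problem, a multi-shape detection model is proposed that draws on the idea of the immune network and on danger theory: the detection module of the system is divided into a binary module and a real-valued module, and the two modules perform collaborative detection through a signal mechanism. Experiments verify that the model adapts to more complex events to be detected and keeps the detection results of the system at a relatively stable level in different environments.

This thesis mainly studies detector optimization and detection in immunity-based intrusion detection and proposes corresponding solutions to the problems found there. The research provides many new methods for immunity-based intrusion detection and also helps broaden the research scope of artificial immune theory and its applications.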

【Abstract】 The importance of computer network security is undisputed. With the advent of the third generation of network technology represented by the Internet of Things, computer network security has ushered in a new wave of research. As an important technology of computer network security, intrusion detection research also advances with the times, adding a number of new research contents. In recent years, artificial immune theory, based on the biological immune system, has been attracting great attention from domestic and foreign experts, among whom immunity-based intrusion detection research has been a focus. In particular, research on the detector, the most important part in determining detection performance, is especially favored by researchers. This paper mainly discusses detector optimization and the improvement of detection methods, taking the detector as the research object, the existing problems of the detector as a breakthrough point, and the biological immune mechanism and other related theories and methods as the means.

The detector's dimension has a significant relationship with detection performance, especially in the real-valued shape space. For the holes, overlapping and other problems of high-dimensional detectors, the research draws on the idea of linear matrix transformations and on principal component analysis, transforms the high-dimensional real-valued shape space into a low-dimensional principal component shape space on the premise of ensuring an adequate amount of information, and then designs the affinity function and matching rules in the principal component shape space. The research also applies affinity calculation to carry out the principal-components detector distribution optimization process and solve the above problems. The experiments verify that the detectors after deformation in the principal component shape space ensure better coverage of nonself space and enhance detection performance with little loss of the original amount of information.

The optimization of detector distribution has always been a hot issue among domestic and foreign researchers. For the existing problems, particularly the detectors' multiple areas and intrusions at the self/nonself boundary, a detector distribution optimization algorithm is proposed which is based on co-evolution and the Monte Carlo method: first, using the idea of the V-detector algorithm to adjust the detector's detection radius in order to solve the intrusion problem at the self/nonself boundary; then applying the co-evolution idea to divide the detectors into different subsets and to optimize them through the interaction between the subsets; and finally employing the Monte Carlo method to estimate the current optimization effect and determine whether the anticipated results have been achieved. Experiments validate that the optimized detectors achieve better coverage of nonself space and deal well with the problems of holes and overlapping.

DNA technology, as an important technology in the bioengineering field, has played an important role in many fields. Multiple attributes of the detector can be regarded as different combinations of DNA. Following this idea, the thesis proposes a detector update and generation model based on DNA vaccines, which constructs the DNA pool by extracting different effective genes. Through the DNA pool, the candidates are constructed by vaccine synthesis. Thereby, more and more mature and effective detectors are created. Experiments verify that the model can update the detectors in real time, optimize the detectors' coverage of nonself space, and stabilize detection performance.

Whether in the binary or the real-valued space, the incompleteness of the content of a single detector makes the detection results unsatisfactory. To solve this problem, a multi-shape detection model based on the immune network and immune danger theory is proposed: the detection module of the system is divided into a binary module and a real-valued module, which complete collaborative detection through a signal mechanism. The experiments validate that the model adapts to more complex events to be detected, and that the detection results can maintain a relatively stable level in different environments.

This paper primarily studies the optimization and the detection of the detector in the immunity-based intrusion detection system, and proposes corresponding solutions for the existing problems. The above research contents not only provide some new methods for immunity-based intrusion detection, but also broaden the scope of the study of artificial immune theory and its applications.

【Key words】 intrusion detection; immunity; detector; optimization; update