
A Study of Intrusion Detection Model and Algorithm Based on Immune Mechanism

【Author】 裴凯 (Pei Kai)

【Advisor】 秦绪佳 (Qin Xujia)

【Author information】 Zhejiang University of Technology, Computer Software and Theory, 2007, Master's

【Abstract】 Network security is receiving more and more attention, and researchers have explored in depth how to effectively detect abnormal behavior in systems and networks. The biological immune system performs a task similar to that of an intrusion detection system and accomplishes it well: it detects anomalies and protects the organism so that it keeps working normally. Studying how to apply biological immune principles to intrusion detection, in order to design high-performance intrusion detection systems, therefore has some theoretical value and considerable practical significance. This has made immune-based intrusion detection a research hotspot in the intrusion detection field in recent years; its distinguishing feature is the use of the principles, rules and mechanisms of the biological immune system to detect and react to intrusions.

This thesis first introduces the current state and development trends of network security and intrusion detection at home and abroad. It then reviews the biological immune system and the immunological background needed for the thesis, and on that basis compares the positive selection and negative selection algorithms of the biological immune system through both theoretical analysis and simulation experiments. Both the theoretical analysis and the simulation results show that, when the sample set is very large, the negative selection algorithm achieves better results at lower cost. Because intrusion detection must process massive amounts of network data, the negative selection approach is suitable for research on immune-based intrusion detection systems.

The thesis gives a comprehensive and systematic formal description of the negative selection approach to intrusion detection. To address the lower detection rate of negative selection compared with positive selection, it proposes, for the first time, combining Mahalanobis distance with negative selection to improve the detection rate. The feasibility of this method is first analyzed theoretically and then demonstrated by simulation experiments.

A prototype immune-based intrusion detection system was independently designed and implemented, and the corresponding implementation ideas are described for data collection, feature extraction, pattern construction, intrusion detection, reporting and response, and system optimization.

The prototype system was tested with data sets collected in a real network environment. The experimental results show that the system detects abnormal behavior in the network well and achieves the expected goal.

  • 【CLC number】TP393.08
  • 【Times cited】1
  • 【Downloads】107