

The Mixed Intrusion Detection System Based on Immunology

【Author】 崔萌萌

【Advisor】 傅德胜

【Author Information】 Nanjing University of Information Science and Technology, Systems Analysis and Integration, 2007, Master's

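【Summary】 The problems that computer system security must solve are very similar to those the immune system must solve. The immune system protects the body from pathogens, and computer system security protects the computer from intrusion, so bringing the principles and methods of biological immunology into computer security research is of great significance. This thesis first describes intrusion detection systems and their related technologies, and discusses the principles of the biological immune system, its composition, the functions of immune cells, the immune process, the feasibility and necessity of applying immune principles to network intrusion detection, and the basic concepts of artificial immune systems. It focuses on the definition of "self" and "non-self" in the model, the detection rules and the detection algorithms, proposes a new NA matching rule and a new detector generation algorithm based on negative selection and clonal selection, and verifies the effectiveness of the new rule and the new algorithm. On this basis it presents a mixed intrusion detection system model based on immunology, tests the model on a purpose-built experimental platform using the KDDCup99 experimental data set, and compares and analyzes the test results. The results show that the system model designed in this thesis performs well in detection.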

【Abstract】 The problem faced by computer system security is similar to the one faced by the immune system: the immune system protects the body from the harm of antigens, and the computer security system protects the computer from intrusion. It is therefore significant to bring the methods and principles of biological immunology into the field of computer security. This thesis first describes the intrusion detection system and its related technologies, then discusses the principles of the biological immune system, the composition of the immune system, the functions of immune cells, the immune process, the feasibility and necessity of a network intrusion detection system based on immune principles, and the basic concepts of artificial immune systems. It analyzes some key technologies in depth, such as the differentiation of the Self and Non-self sets, matching rules and detection algorithms. A new NA matching rule is proposed, and an algorithm involving negative selection and clonal selection is presented. Experiments were designed to demonstrate the validity of the new rule and algorithm. Finally, the thesis presents an intrusion detection system model based on immunology. The model was tested on the experimental platform with the KDDCup99 experimental data. The comparison shows that the immunology model has a higher detection rate and better real-time performance, and can find new intrusions.

  • 【Classification Number】TP393.08
  • 【Citation Count】3
  • 【Download Count】124