Research on Host Immune System Model and Its Detector Generating Algorithm

【Author】 Wang Feng

【Advisor】 Song Shumin

【Author information】 PLA Information Engineering University, Computer Application Technology, 2007, Master's

【Abstract】 As a novel branch of computational intelligence, the Artificial Immune System (AIS) offers strong information-processing and problem-solving capabilities and has been applied broadly in the field of computer security. Immunity-based dynamic defense technology overcomes many weaknesses of traditional network security technology and has broad application prospects.

First, drawing on AIS theory and the security requirements of host systems, a host immune system model (HISM) is presented and formally described. The framework of HISM is designed, its immune mechanisms and workflow are discussed, and several important characteristics of HISM are analyzed, such as adaptability, dynamic defense, extensibility and robustness. Based on HISM, the architecture of a host immune system is constructed and a prototype host immune system is implemented on Windows 2000. The prototype provides functions such as file immunity, process immunity and network interface immunity, which together form an all-round immune defense system for the host.

Next, detector generation in HISM is studied. Existing detector generating algorithms, such as the exhaustive algorithm, are analyzed, and a self-mutation detector generating algorithm (SMDGA) is presented. The implementation of SMDGA is described: detectors are generated from mutated self strings that retain a number of blank symbols. The performance and complexity of SMDGA are analyzed theoretically, and the results indicate that SMDGA overcomes the low detector-generation efficiency of existing algorithms. Finally, the results of the theoretical analysis are verified by simulation of SMDGA.

In summary, the model proposed in this thesis offers a new approach to solving host security problems comprehensively, and the proposed algorithm performs better than existing algorithms such as the exhaustive detector generating algorithm and has good practical value.

  • 【Classification No.】TP393.08
  • 【Times cited】2
  • 【Downloads】57