The Research of Computer Virus Detection Technology Based on a New Negative Algorithm
【Author】 Zhao Hongxia (赵红霞)
【Author information】 Taiyuan University of Technology, Computer Application Technology, 2010, Master's thesis
【Abstract】 Computer virus detection systems protect network security by detecting code that threatens or harms hosts and computer networks. The biological immune system is a mechanism that protects living organisms from external pathogens, and it features distributed parallel processing, self-organization, immune memory and robustness. Traditional computer virus detection is a passive defense technology; this thesis draws on the similarity between the biological immune system and computer virus detection systems to improve detection performance. It analyzes in detail the problems of the traditional negative selection algorithm and reviews the improvements other researchers have made. Based on the principle of generating detectors by cutting the space, it proposes a new cutting negative selection algorithm for binary strings, which eliminates redundant detectors, reduces holes in detector coverage and, to some extent, prevents black holes from forming. Introducing a tree-level hierarchical management mechanism and the tabu search strategy, and building on the large detector set generated by the new negative selection algorithm, it proposes a new tabu artificial immune network algorithm that combines tabu search with the artificial immune algorithm; this greatly improves detector search efficiency and update efficiency, reduces memory usage, and can achieve optimal global convergence. Finally, experiments and tests on the selected data sets, taken from KDDCUP99, show that the new negative selection algorithm has higher detection efficiency, accuracy and search speed. The main work of this thesis is as follows:
1) It analyzes the problems of the traditional negative selection algorithm and of computer virus detection technology, and summarizes the improvements and implementation methods proposed by other researchers.
2) Building on the cutting-space negative selection algorithm, it proposes a new Cutting Negative Selection Algorithm (CNSA) for generating binary-string detectors. The detectors it generates effectively reduce detection holes and eliminate redundant detectors, and an incrementally increased threshold reduces the black holes among detectors, so that the system needs only a small number of detectors to detect non-self fairly comprehensively.
3) Combining the tree-level hierarchical model with the tabu search algorithm, it proposes a new tabu artificial immune network algorithm. By setting a threshold on the number of matching iterations T, detectors are scheduled among the tabu table, the memory table and the evolution-direction table; sorting the detectors in each table by affinity suppresses the number of detectors, improves effective detector utilization and reduces memory usage.
4) Data sets are selected and the data are tested and analyzed to validate the algorithm; finally, a computer virus detection system based on the new negative selection algorithm is built and its performance is analyzed.
【Key words】 artificial immune algorithm; negative selection algorithm; Tabu search; computer virus detection; cutting; network intrusion detection;