基于人工免疫算法的入侵检测研究

发布时间：2018-02-21 03:46

本文关键词： 入侵检测人工免疫多种群克隆选择算法匹配规则　出处：《华北理工大学》2015年硕士论文　论文类型：学位论文

【摘要】：在互联网高速发展的时代,网络安全越来越受到青睐,入侵检测在其中的地位也与日俱增。传统的入侵检测方法对规则库数据的依赖性较强,且不能识别未知攻击。研究者将人工免疫引入到检测领域中,使得它在理论上有了新的突破。基于人工免疫的入侵检测是入侵检测领域研究的一个新方向,它的研究取得了很多成果,但是仍然存在检测率低、误报率高的问题。所以,该领域的研究重点依然是通过不同的手段提高检测效果。在深入了解入侵检测和人工免疫的基础上,针对现有免疫算法存在的优缺点,选取克隆选择算法和多种群免疫算法进行研究。将多种群免疫算法的并行机制、杂交算子、传优算子引入到克隆选择算法中,结合这两种算法的优点,提出了多种群克隆选择算法。然后,结合kddcup99数据集的特点,把经过编码、去重的四种攻击类型数据作为多种群克隆选择算法的初始种群进行免疫操作,输出最优群体。对常用的基于字符串匹配的r-匹配规则进行分析,通过概率匹配公式说明r值对匹配效果的影响,指出基于kdcup99数据集的二进制字符串存在长度过长、不易测试最优r值等问题,并针对存在的问题对该匹配算法做出了改进。最后,通过kddcup99数据集对设计的免疫算法进行仿真试验。根据正常数据远大于异常数据的原则,不同攻击类型的测试数据集通过自体集进行过滤,过滤后的数据与最优群体进行匹配,并对实验结果进行分析。结果表明,设计的免疫算法能够提高入侵检测的检测率。
[Abstract]:In the era of rapid development of the Internet, network security is more and more popular, and intrusion detection is becoming more and more important. Traditional intrusion detection methods rely heavily on rule-base data. The researchers introduced artificial immunity into the field of detection, which made it a new breakthrough in theory. Intrusion detection based on artificial immunity is a new direction in the field of intrusion detection. Its research has made a lot of achievements, but it still has the problems of low detection rate and high false alarm rate. The research focus in this field is still to improve the detection effect by different means. On the basis of in-depth understanding of intrusion detection and artificial immunity, the advantages and disadvantages of existing immune algorithms are pointed out. The parallel mechanism of multi-swarm immune algorithm, hybrid operator and optimal operator are introduced into the clonal selection algorithm, and the advantages of these two algorithms are combined. Then, considering the characteristics of kddcup99 data set, four kinds of attack type data, which are coded and removed, are used as the initial population of the multi-colony clone selection algorithm. The r-matching rule based on string matching is analyzed, the effect of r value on matching effect is explained by probability matching formula, and the length of binary string based on kdcup99 dataset is pointed out. It is difficult to test the optimal r value, and the matching algorithm is improved for the existing problems. Finally, the immune algorithm is simulated through the kddcup99 dataset. According to the principle that the normal data is far larger than the abnormal data, The test data sets of different attack types are filtered by autologous sets, the filtered data are matched with the optimal population, and the experimental results are analyzed. The results show that the designed immune algorithm can improve the detection rate of intrusion detection.
【学位授予单位】：华北理工大学
【学位级别】：硕士
【学位授予年份】：2015
【分类号】：TP393.08;TP18

【参考文献】