新型否定选择算法的入侵检测模型研究及实现

发布时间：2018-08-20 12:06

【摘要】：随着计算机的不断发展及网络的普及,网络安全问题越发引起人们的注意。然而早期的被动防御技术因其自身的局限性,只能检测出已知攻击,已经不能够满足当今日益发展的网络需求。而现今的入侵检测系统作为一种新型的安全技术,可以很好地解决传统被动防御技术的局限性。本文鉴于免疫系统和入侵检测系统具有很大程度的相似性,即具有自治性、多样性、自适应性、耐受性和分布性等一系列特性,将免疫系统的相关原理和机制应用到入侵检测系统中,改进入侵检测系统模型,使之具有更好的可行性。该入侵检测模型是通过一种基于确定性拥挤的新型否定选择算法模拟T细胞的成熟机制来实现,是一种在人工免疫系统中基于自体/非自体的检测方法。现有的Forrest,Perelson等人提出的否定选择算法存在一些自身缺陷,造成了人工免疫系统对非自体的检测效率较低。本文通过实验发现,影响否定选择算法检测效率低的原因,是因为算法需要极其大量的检测器才能尽可能的完全覆盖异己空间,这在现实中是不可行的。因此如何能够平衡在一定检测器数量的基础上,最大化的覆盖异己空间是需要解决的问题。因此本文提出了基于确定性拥挤的新型否定选择算法,来改进传统否定算法在解决网络安全领域问题时存在的搜索空间大,运行效率低等问题。本文的主要工作是对入侵检测方面予以改进和提高。证明基于确定性拥挤的否定选择算法在不影响性能的前提下能够估计一个更精确方法的偏移量,生成一组较少的检测器,同时计算能力方面也更有效率。后经实验测试表明本文提出的基于确定性拥挤的否定选择算法相对于原始算法具有更高的检测效率和准确率。
[Abstract]:With the development of computer and the popularization of network, people pay more and more attention to the problem of network security. However, the early passive defense technology can only detect known attacks because of its own limitations, and can not meet the needs of the growing network. As a new security technology, intrusion detection system (IDS) can solve the limitation of traditional passive defense technology. In view of the fact that the immune system and the intrusion detection system are similar to each other to a great extent, that is, they have a series of characteristics, such as autonomy, diversity, adaptability, tolerance and distribution. The principle and mechanism of immune system are applied to intrusion detection system, and the model of intrusion detection system is improved to make it more feasible. The intrusion detection model is realized by a new negative selection algorithm based on deterministic crowding to simulate the maturation mechanism of T cells. It is a autologous / non-autologous detection method in the artificial immune system. The existing negative selection algorithm proposed by Forrest-Perelson et al has some defects, which results in the low detection efficiency of the artificial immune system for non-autologous detection. In this paper, we find that the reason of the low detection efficiency of the negative selection algorithm is that the algorithm needs a large number of detectors to completely cover the dissident space as far as possible, which is not feasible in reality. Therefore, how to balance the number of detectors and maximize the coverage of dissident space is a problem to be solved. In this paper, a new negative selection algorithm based on deterministic congestion is proposed to improve the problems of large search space and low running efficiency in solving the network security problems in the traditional negative selection algorithm. The main work of this paper is to improve the intrusion detection. It is proved that the deterministic congestion based negative selection algorithm can estimate the offset of a more accurate method without affecting its performance, generate a set of fewer detectors and be more efficient in computing power. The experimental results show that the proposed negative selection algorithm based on deterministic congestion has higher detection efficiency and accuracy than the original algorithm.
【学位授予单位】：西安电子科技大学
【学位级别】：硕士
【学位授予年份】：2014
【分类号】：TP393.08

【相似文献】