生物免疫原理在入侵检测系统中的应用探索
|
摘要
随着计算机应用的日益普及和信息网络技术的飞速发展,网络安全问题越来越显示出其重要性。作为防火墙的有益补充,入侵检测技术引起了广泛的关注,但是目前的入侵检测系统大多是基于误用检测技术,只能检测出已知的入侵,存在着一定的漏检率。生物免疫系统和计算机网络入侵检测系统具有很大的相似性,它为人们研究入侵检测技术提供了全新的思路。本论文正是在这样的背景下,并且在学习前人研究成果的基础上进行的。主要的内容有:
1、介绍入侵检测系统在网络防护中的作用以及其产生和发展的历程,同时分析目前入侵检测技术所存在的缺陷和发展趋势。
2、讨论生物免疫系统的原理、层次结构和组成,分析生物免疫机制和相关的免疫算法。
3、建立一个结合误用检测技术和异常检测技术相结合的入侵检测系统,详细描述了系统的实验流程。改进R-连续位匹配阴性选择算法生成成熟检测器集合。
4、进行系统仿真实验,验证其检测新的入侵的能力。同时分析了基于生物免疫入侵检测系统的优点和缺点。
With the popularization of computer and rapid development of internet information technique, the security issues of network becomes more and more important. As a helpful supply for firework, Intrusion Detection technique attracts popular attention. However, most existing IDS products which adopt simple pattern matching technology only can detect known attacking patterns, and will lost some intrusions.
Computer intrusion detection system is so similar with biology immune system that we can get new ideas to design IDS through study biology immune principal. Based on existing conclusions, The primary works of this paper are as follows:
1、The function, history of IDS are introduced, the disadvantages and the development in which the IDS will follow in the future are pointed out.
2、The principal, makeup, structure of biology immune system are discussed, and the immune algorithms relative to IDS are analyzed.
3、A new IDS which involves two existing detect techniques are given, and the negative selection algorithm based on R-consecutive matching method is improved.
4、Experiment are given to prove the function of the IDS based on immunological principles, and the advantage and disadvantage of this nwe IDS also be indicated by the experiment results.
1、介绍入侵检测系统在网络防护中的作用以及其产生和发展的历程,同时分析目前入侵检测技术所存在的缺陷和发展趋势。
2、讨论生物免疫系统的原理、层次结构和组成,分析生物免疫机制和相关的免疫算法。
3、建立一个结合误用检测技术和异常检测技术相结合的入侵检测系统,详细描述了系统的实验流程。改进R-连续位匹配阴性选择算法生成成熟检测器集合。
4、进行系统仿真实验,验证其检测新的入侵的能力。同时分析了基于生物免疫入侵检测系统的优点和缺点。
With the popularization of computer and rapid development of internet information technique, the security issues of network becomes more and more important. As a helpful supply for firework, Intrusion Detection technique attracts popular attention. However, most existing IDS products which adopt simple pattern matching technology only can detect known attacking patterns, and will lost some intrusions.
Computer intrusion detection system is so similar with biology immune system that we can get new ideas to design IDS through study biology immune principal. Based on existing conclusions, The primary works of this paper are as follows:
1、The function, history of IDS are introduced, the disadvantages and the development in which the IDS will follow in the future are pointed out.
2、The principal, makeup, structure of biology immune system are discussed, and the immune algorithms relative to IDS are analyzed.
3、A new IDS which involves two existing detect techniques are given, and the negative selection algorithm based on R-consecutive matching method is improved.
4、Experiment are given to prove the function of the IDS based on immunological principles, and the advantage and disadvantage of this nwe IDS also be indicated by the experiment results.
引文
[1] Kim J, Bentley P. An Evaluation of Negative Selection in an Artificial Immune System for Network Intrusion Detection[C]. Proceedings of the Genetic and Evolutionary Computation Conference (GECCO-z2001). 2001: 1330-1337
[2] 贾皓昕.基于免疫原理的入侵检测系统研究.西安电子科技大学.2005:1
[3] S. Forrest, Perelson. A Self-nonselfdiscrimination in a computer Research in Security and Privacy. Proceedings IEEE Computer Society Symposium on. 1994
[4] S. Hofmeyr, S. Forrest. A Somayaji Intrusion Detection Using Sequences of System Calls. Journal of Computer Security. 1998
[5] 葛丽娜,钟诚.基于人工免疫的入侵检测系统负选择并行算法.计算机工程.第31卷,第12期
[6] 刘继洲.基于免疫机理的网络入侵检测模型的研究.四川大学.2005.5
[7] 唐正军.入侵检测技术导论.机械工业出版社.2004.4
[8] cohen Fred. Intrusion Detection and Response. Computer & Security. volume 16, December 2004
[9] 薛静锋,宁宇鹏,阎慧.入侵检测技术.机械工业出版社.2004.4
[10] 吴作顺.基于免疫学的入侵检测系统研究.国防科技大学.2003.4
[11] 张鄢.基于人工免疫的入侵检测技术的研究.上海交通大学.2005.1
[12] 付兴兵,刘光远.入侵检测技术分类与比较研究.西南大学电子信息工程学院.2006.8(25)
[13] http: //uhaweb.hartford.edu/BUGL/immune.htm
[14] 吴敏毓,刘恭植.医学免疫学.中国科学技术大学出版社.1995
[15] 李涛.计算机免疫学.电子工业出版社.2004.7
[16] 张大亮.生物免疫原理在入侵检测中的应用研究.武汉理工大学.2006.4
[17] 陈军敢.基于人工免疫系统的入侵检测器生成算法研究.浙江工业大学.2005.5
[18] 吴作顺.基于免疫学的入侵检测系统研究.国防科技大学.2003.4
[19] 秦海玉.基于免疫原理的入侵检测系统的介绍与研究.电子科技大学.2004.3
[20] 鲁云平.基于免疫原理的网络入侵检测技术研究.重庆大学.2003.6
[21] 刘加礼.基于人体免疫原理的分布式入侵检测系统研究与实现.上海交通大学.2003
[22] 郑艳君,王曙霞.基于人工免疫原理的入侵检测研究.武汉大学计算机学院.2004.12
[23] 马书月.基于免疫原理的入侵检测技术研究.华中科技大学.2006.5
[24] 梁可心,李涛,刘勇,陈桓.一种基于人工免疫理论的新型入侵检测模型.计算机工程与应用.2005.2(129)
[25] 杨沿航,江子扬.基于免疫的入侵检测系统模型.哈尔滨师范大学自然科学学报.第20卷,第3期
[26] 尹峰,邓小鹏,许四毛.生物免疫机理在计算机安全领域的应用与发展.安徽电子信息职业技术学院学报.2004第5、6期(3)
[27] 葛红.免疫算法综述。华南师范大学学报.2003(3)
[28] 卢嫦娟。入侵检测免疫细胞的有效性.武汉大学硕士.2003年
[29] http://www.dcs.kcl.ac.uk/staff/jungwon/computer Immune.html
[30] 吴泽俊,梁意文,钱立进.入侵检测系统中基于免疫的克隆选择算法.计算机工程,第30卷,第6期
[31] 唐正军.网络入侵检测系统的设计与实现。电子工业出版社,2002
[32] Brian Caswell, Jay Beale, James C.Foster, Jeffrey Posluns. Snort 2.0 Intrusion Detection. 国防工业初版社. 2004.1
[33] Beghdad, Rachid Modeling and Solving the Intrusion Detection Problem In Computer Network. Computer & Security . volume 23, December 2004
[34] 韩健,张乐,蔡瑞英.基于人工免疫算法的入侵检测系统.南京工业大学.2003.2
[35] 姜梅.基于生物免疫系统的计算机入侵检测技术研究.南京航空航天大学.2001.1
[36] HuWenjing, LiMing, QiuRunhe, LiuJingao. Real-time Capturing andMeasunrement of Traffic Flow Based on winPcap. 1 .school of information Science & Technology, East China Normal University. 2. College of Information Science & Technology, Donghua University, . 3. Dept. of Physics & Electronics Information, Hunan Institute of Science & Technology 2005.4
[37] 罗军舟 黎波涛 杨明 吴俊 黄健编著.TCPhP协议及网络编程技术.清华大学出版社.2004年10月第1版
[38] 刘少君.基于协议分析的网络入侵检测系统的研究与设计。河海大学.2006.4
[39] S. A. Hofmeyr and S. Forrest. Immunity by design: An Artificial Immune System. Proceedings of the Genetic and Evolutionary Computation Conference(GECCO). San Francisco, CA, pp1289-1296, 1999
[40] Jungwon Kim and Peter J. Bentley. An Evaluation of Negative Selection in an Artificial ImmuneSystem. GECCO-2001, San Francisco, CA, 2001, 1320-1337
[2] 贾皓昕.基于免疫原理的入侵检测系统研究.西安电子科技大学.2005:1
[3] S. Forrest, Perelson. A Self-nonselfdiscrimination in a computer Research in Security and Privacy. Proceedings IEEE Computer Society Symposium on. 1994
[4] S. Hofmeyr, S. Forrest. A Somayaji Intrusion Detection Using Sequences of System Calls. Journal of Computer Security. 1998
[5] 葛丽娜,钟诚.基于人工免疫的入侵检测系统负选择并行算法.计算机工程.第31卷,第12期
[6] 刘继洲.基于免疫机理的网络入侵检测模型的研究.四川大学.2005.5
[7] 唐正军.入侵检测技术导论.机械工业出版社.2004.4
[8] cohen Fred. Intrusion Detection and Response. Computer & Security. volume 16, December 2004
[9] 薛静锋,宁宇鹏,阎慧.入侵检测技术.机械工业出版社.2004.4
[10] 吴作顺.基于免疫学的入侵检测系统研究.国防科技大学.2003.4
[11] 张鄢.基于人工免疫的入侵检测技术的研究.上海交通大学.2005.1
[12] 付兴兵,刘光远.入侵检测技术分类与比较研究.西南大学电子信息工程学院.2006.8(25)
[13] http: //uhaweb.hartford.edu/BUGL/immune.htm
[14] 吴敏毓,刘恭植.医学免疫学.中国科学技术大学出版社.1995
[15] 李涛.计算机免疫学.电子工业出版社.2004.7
[16] 张大亮.生物免疫原理在入侵检测中的应用研究.武汉理工大学.2006.4
[17] 陈军敢.基于人工免疫系统的入侵检测器生成算法研究.浙江工业大学.2005.5
[18] 吴作顺.基于免疫学的入侵检测系统研究.国防科技大学.2003.4
[19] 秦海玉.基于免疫原理的入侵检测系统的介绍与研究.电子科技大学.2004.3
[20] 鲁云平.基于免疫原理的网络入侵检测技术研究.重庆大学.2003.6
[21] 刘加礼.基于人体免疫原理的分布式入侵检测系统研究与实现.上海交通大学.2003
[22] 郑艳君,王曙霞.基于人工免疫原理的入侵检测研究.武汉大学计算机学院.2004.12
[23] 马书月.基于免疫原理的入侵检测技术研究.华中科技大学.2006.5
[24] 梁可心,李涛,刘勇,陈桓.一种基于人工免疫理论的新型入侵检测模型.计算机工程与应用.2005.2(129)
[25] 杨沿航,江子扬.基于免疫的入侵检测系统模型.哈尔滨师范大学自然科学学报.第20卷,第3期
[26] 尹峰,邓小鹏,许四毛.生物免疫机理在计算机安全领域的应用与发展.安徽电子信息职业技术学院学报.2004第5、6期(3)
[27] 葛红.免疫算法综述。华南师范大学学报.2003(3)
[28] 卢嫦娟。入侵检测免疫细胞的有效性.武汉大学硕士.2003年
[29] http://www.dcs.kcl.ac.uk/staff/jungwon/computer Immune.html
[30] 吴泽俊,梁意文,钱立进.入侵检测系统中基于免疫的克隆选择算法.计算机工程,第30卷,第6期
[31] 唐正军.网络入侵检测系统的设计与实现。电子工业出版社,2002
[32] Brian Caswell, Jay Beale, James C.Foster, Jeffrey Posluns. Snort 2.0 Intrusion Detection. 国防工业初版社. 2004.1
[33] Beghdad, Rachid Modeling and Solving the Intrusion Detection Problem In Computer Network. Computer & Security . volume 23, December 2004
[34] 韩健,张乐,蔡瑞英.基于人工免疫算法的入侵检测系统.南京工业大学.2003.2
[35] 姜梅.基于生物免疫系统的计算机入侵检测技术研究.南京航空航天大学.2001.1
[36] HuWenjing, LiMing, QiuRunhe, LiuJingao. Real-time Capturing andMeasunrement of Traffic Flow Based on winPcap. 1 .school of information Science & Technology, East China Normal University. 2. College of Information Science & Technology, Donghua University, . 3. Dept. of Physics & Electronics Information, Hunan Institute of Science & Technology 2005.4
[37] 罗军舟 黎波涛 杨明 吴俊 黄健编著.TCPhP协议及网络编程技术.清华大学出版社.2004年10月第1版
[38] 刘少君.基于协议分析的网络入侵检测系统的研究与设计。河海大学.2006.4
[39] S. A. Hofmeyr and S. Forrest. Immunity by design: An Artificial Immune System. Proceedings of the Genetic and Evolutionary Computation Conference(GECCO). San Francisco, CA, pp1289-1296, 1999
[40] Jungwon Kim and Peter J. Bentley. An Evaluation of Negative Selection in an Artificial ImmuneSystem. GECCO-2001, San Francisco, CA, 2001, 1320-1337