Research on Detector Generation for Intrusion Detection Based on Artificial Immunity
Abstract
Inspired by the biological immune system, artificial immune systems, which simulate its principles, functions and models, offer a new way of thinking about and solving complex problems. Because the principles of intrusion detection systems and of the biological immune system are essentially similar, intrusion detection based on artificial immunity has become a new research focus in the field of computer security.
An intrusion detection system based on artificial immunity detects a relatively unlimited set of intrusions by generating a relatively limited set of detectors. Detector generation is therefore the core of such a system, and the quality of the detectors strongly affects the detection capability of the intrusion detection system. This thesis studies this core problem of detector generation broadly and in depth.
First, after a concise but thorough review of the role, development history, implementation techniques and existing problems of intrusion detection systems, their development trends are discussed. After introducing the principles, hierarchical structure and components of the biological immune system, the algorithms commonly used in artificial immunity are analysed.
Second, through study and analysis of the negative selection algorithm, the problems of the algorithm are pointed out and the algorithm is improved to address them. To improve detector performance so that unknown intrusions can be detected, a niche-based clonal selection algorithm is used to evolve the detectors. Based on an analysis of the causes of holes, a fast algorithm for computing holes is proposed, and the relationship between the number of holes and the size of the self set, and between the number of holes and the matching threshold, is explored.
Finally, simulation experiments are carried out on the improved algorithm, and theoretical analysis and experimental data demonstrate its effectiveness.
