Research on the Application of an Improved Hybrid Genetic Algorithm in an Immune Intrusion Detection Model
Abstract
Information sharing and open networks bring convenience, but they also place higher demands on information security. Network and information security has become a key issue for information systems.
     This thesis studies the learning and detection mechanisms of the biological immune system and the technologies and composition of intrusion detection systems. Starting from the traditional GA theoretical model, it applies the theory of uniform design sampling (UDS) to redesign the crossover operator of the genetic algorithm, improves the chromosome similarity and its related content, and incorporates a local search strategy, giving an improved hybrid genetic algorithm (HGA). It introduces the concept of detector redundancy optimization and its related content, so that chromosome similarity is associated with detector redundancy. To address the slow convergence of detector algorithms and their tendency toward premature convergence, the improved HGA is used to evolve mature detectors, which yields a new detector optimization scheme and an immune intrusion detection model based on HGA. Finally, simulation experiments on the "algorithm" and the "model" verify the feasibility and effectiveness of both. The scheme maintains the diversity and efficiency of the detectors, and is shown to perform better in search speed and global optimum search ability, and to improve the detection rate and reduce the false alarm rate to a certain degree.
     First, the principles and technologies of intrusion detection and biological immunity are studied. Beginning with the concept, functions, role and basic structure of intrusion detection, the thesis goes on to examine the analysis methods, development trends and development directions of intrusion detection systems. It also analyses the working principles and mechanisms of artificial immune systems, draws an analogy between the biological immune system and intrusion detection, and studies intrusion detection system models based on immune mechanisms.
     Then, the immune intrusion detection model based on the improved hybrid genetic algorithm is studied. The thesis discusses the improvements to the hybrid genetic algorithm, discusses and designs the genetic operators, and applies the improved hybrid genetic algorithm to improving the detectors. It then gives the architecture of the improved intrusion detection system model and describes the workflow of each module.
     Finally, through simulation experiments and analysis of their results, the improvement strategies and results given earlier are tested, and conclusions are drawn.
