Construction of the Knowledge Base and Extraction of Rules in a Computer Immune System
Abstract
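With the development of computer networks, computer security faces new challenges, and traditional information security methods can no longer solve these problems effectively. Researchers have applied the mechanisms of biological immunity to computer systems and computer network security and proposed the computer immune system, which overcomes the passivity and inflexibility of traditional methods.
     This paper focuses on an important functional component of the computer immune system: the knowledge base. It presents the construction of the knowledge base and its consistency, and studies methods for extracting the rules in the knowledge base. The Apriori algorithm is used to extract rules, and three strategies for improving the algorithm are proposed: an optimized join strategy, a data partitioning strategy, and a strategy for reducing transaction data. In constructing the knowledge base, the paper designs it as a distributed database and gives the table structures in the knowledge base and the access operations on those tables. The local rule base is designed as an active database, which improves the execution efficiency of the computer immune system in emergencies. A strategy for keeping the knowledge-base rules consistent across client machines, the message queue method, is given, together with the system framework of the message queue method.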
With the development of computer networks, computer security also faces new challenges. Traditional information security measures cannot resolve these problems effectively. The natural immune system has therefore been applied to computer system and network security, giving rise to the computer immune system. The computer immune system overcomes the passivity and inflexibility of traditional methods.
     In this paper, a key component of the computer immune system, the knowledge base, is designed and its consistency is discussed. The Apriori algorithm is used to extract rules, and three improvement strategies are put forward: optimizing the join step, data partitioning, and reducing transaction data. The knowledge base is designed as a distributed database, and its tables and their access operations are given. The local rule base is designed as an active database in order to enhance the efficiency of the computer immune system. A message queue is used to maintain data consistency across the different copies, and the system framework is also given.
