Journal of Computer Applications

• Information security

Analysis of and countermeasures for holes in an immunity-based intrusion detection model

Jing YU, Feng WANG

  1. Department of Artillery Command Automation and Simulation, PLA Artillery Academy
  • Received: 2007-12-10 Revised: 2008-01-20 Online: 2008-06-01 Published: 2008-06-01
  • Corresponding author: Jing YU

Analysis and countermeasure of the hole in an intrusion detection modeling from immunology

Jing YU Feng WANG   

  • Received:2007-12-10 Revised:2008-01-20 Online:2008-06-01 Published:2008-06-01
  • Contact: Jing YU

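Abstract: Based on the principles and architecture of artificial immunity, a new distributed network intrusion detection system model built on immune principles is established. The model contains nonself that the detector set cannot detect, called "holes". Holes degrade the model's performance and raise the false negative rate. After a detailed analysis of the causes of holes and their characteristics, countermeasures for reducing holes are given, and simulation experiments verify that detectors of different shapes can effectively fill holes, thereby lowering the system's false negative rate.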

Keywords: artificial immunity, intrusion detection, network security, detector, hole

Abstract: Inspired by the structure and ideas of the natural immune system, a new intrusion detection model was proposed to improve the capability of the detection system. Some nonself strings in the model may not be detected by any detector; these are called "holes", and they degrade performance and increase the false negative rate. After analyzing the causes and characteristics of the holes, some methods were presented to eliminate them. Simulation experiments show that different kinds of detectors can repair holes effectively, thereby decreasing the false negative rate.

Key words: immunology, intrusion detection, network security, detector, hole