Journal of Computer Applications (计算机应用) ›› 2013, Vol. 33 ›› Issue (10): 2842-2845.

• Information Security •

Design and implementation of real-time network risk control system based on antibody concentration

GAO Zhiqiang, HU Xiaoqing

  1. School of Computer Science, Sichuan University, Chengdu Sichuan 610065, China
  • Received: 2013-04-15 Revised: 2013-06-06 Online: 2013-11-01 Published: 2013-10-01
  • Contact: HU Xiaoqing
  • About the authors: GAO Zhiqiang (born 1988), male, from Wudalianchi, Heilongjiang, M.S.; main research interest: information security. HU Xiaoqing (born 1977), male, from Neijiang, Sichuan, lecturer, Ph.D.; main research interest: network security.
  • Supported by:
    Project supported by the National Natural Science Foundation of China

Abstract: The system applies artificial immune theory. It analyzes the real-time detection results of the traditional intrusion detection system Snort and, because antibody concentration changes dynamically with network intrusion intensity, computes a current network risk value that reflects the various attacks the network faces and its overall risk status. Snort detects packets by rule matching; because the detection process does not take the current network risk into account, it raises an alert for every match, which leads to an excessively high false positive rate. The system sets an alarm threshold and a packet-drop threshold according to the danger level of each attack to reduce Snort's false positive rate, and, depending on the risk value, responds by passing the packet, raising an alert, or dropping the packet to block the traffic. Experiments show that the system accurately computes the real-time risk faced by hosts and the network, reduces Snort's false positive rate, and selects effective response measures according to the risk value.

Key words: antibody concentration, risk control, artificial immune, Snort, network security risk value
