Abstract
In a traditional computer immune system (CIS), detector training is inefficient and the definitions of self and nonself lack a dynamic evolutionary mechanism, so adaptability is poor and the requirements of network monitoring in a real network environment are not met. To address this, a new immune-based network monitoring model, called AINM, is proposed. Formal definitions of self, nonself, antigen, detector, and digital evidence are given. Dynamic models and the corresponding recursive equations are established for self, antigen, dynamic computer forensics, immunological tolerance, the detector lifecycle, and immune memory, and the model is simulated. The experimental results show that the new model offers good diversity, real-time performance, self-learning, and self-adaptive capability.
Source
Chinese Journal of Computers (《计算机学报》)
2006, Issue 9, pp. 1515-1522 (8 pages)
Indexed in: EI, CSCD, Peking University Core Journals
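Funding
Supported by:
National Natural Science Foundation of China (60373110, 60573130, 60502011)
Program for New Century Excellent Talents, Ministry of Education (NCET-04-0870)
Doctoral Program Foundation of the Ministry of Education (20030610003)
Applied Basic Research Program of the Sichuan Provincial Department of Science and Technology (05JY029-021-1)
Sichuan University Innovation Foundation (2004CF10)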
Keywords
artificial immune system
intrusion detection
network monitoring
computer forensics
computer immune system