Abstract
To address the false positives, false negatives and lack of adaptivity common in current intrusion detection systems, a multilayer intrusion detection model based on immunological principles is proposed. The model is inspired by the multilevel defense architecture of the human immune system and combines misuse detection with anomaly detection. Its architecture, working principle and operating process are described in detail. Finally, the algorithm for generating mature detection rules in the adaptive detection layer, the adaptive recognition algorithm, and the evolution principle for detection rules are presented. Under this evolution principle, the detection rules in the rule database evolve continuously, so that the database always retains the most effective rules. This gives the model adaptability, dynamism and accuracy, and so it meets the requirements of a network-based intrusion detection system better than other methods.
Source
Computer Engineering and Design (《计算机工程与设计》)
CSCD
Peking University Core Journal (北大核心)
2007, Issue 4, pp. 803-807, 5 pages in total
Keywords
immunological principle
multilevel defense
intrusion detection
innate detection
adaptive detection