
A Denial of Service Intrusion Detection Method Based on Danger Signals (cited by: 5)

A Method for Denial of Service Intrusion Detection Based on Immune Danger Theory
Abstract: Based on the characteristics of denial of service (DoS) attacks, a new intrusion detection method based on immune danger theory is proposed, and the detection algorithm and the antibody mutation and evolution algorithms are designed and implemented. Antigens and antibodies are classified by consanguinity, the processes of antigen apoptosis and necrosis are defined, and the antigen danger signal and the network danger level are calculated quantitatively and used to detect DoS attacks. Simulation experiments show that the method not only keeps the self-learning and self-adaptation advantages of intrusion detection based on traditional artificial immune theory, but also decreases the false positive rate by 87.5% and achieves higher detection efficiency.
Source: Journal of Sichuan University (Engineering Science Edition), indexed in EI, CAS, CSCD and the Peking University Core Journals list; 2007, No. 5, pp. 116-120 (5 pages)
Funding: National Natural Science Foundation of China (60573130, 60502011); Doctoral Program Foundation of the Ministry of Education (20030610003); Ministry of Education Program for New Century Excellent Talents (NCET-04-0870)
Keywords: immune danger theory; danger signal; denial of service intrusion; antigen apoptosis and necrosis; consanguinity classification