基于改进否定选择算法的异常检测方法研究

Research on Anomaly Detection Method Based on Improved Negative Selection Algorithm

人工免疫理论目前被广泛应用于入侵检测系统,以解决无法识别的未知异常问题,应用最多的是否定选择算法。传统的实值否定选择算法通过随机方式生成候选检测器,随着自体集数量的增多,成熟检测器生成的时间复杂度呈指数级增长,导致训练阶段耗费时间长。为解决检测器生成过程中时间消耗过长问题,文章提出基于邻域搜索的实值否定选择算法(Real-Valued Negative Selection Algorithm Based on Neighborhood Searching,NS-RNSA),通过邻域搜索算法找到落在候选检测器邻域的自体样本点,利用这些样本点构建新的自体集合,以提高成熟检测器生成效率。文章以NS-RNSA算法为核心构建异常检测模型NSRNSAADM,在此模型基础上进行实验,验证基于邻域搜索的否定选择算法的性能。实验表明,文章提出的方法在保证检测率、误报率的基础上,能够降低自体耐受过程所需时间。

Artificial immune theory is currently widely used in intrusion detection systems to solve the problem of not being able to identify unknown anomalies.The most used one is the negative selection algorithm.The traditional real-valued negative selection algorithm generates candidate detectors in a random manner.The time complexity of mature detector generation increases exponentially with the rise of the number of self sets,leading to a long time-consuming in training phase.In order to solve the problem of excessive time consumption in the process of detector generation,this paper proposes a real-valued negative selection algorithm based on neighborhood searching.The algorithm aims at finding self objects that fall in the neighborhood of the candidate detector and using these objects to create a new self set,with a view to improving the generation efficiency of mature detectors.In this paper,a negative selection algorithm based on neighborhood searching is used as the core to construct an anomaly detection model NSRNSAADM.Experiments are carried out on this model to verify the performance of the neighborhood searching based negative selection algorithm.Experiments show that the method proposed in this paper can reduce the time required for the self-tolerance process while ensuring a certain detection rate and false alarm rate.