Abstract
With the rapid growth in the number of Internet users, network threats are also increasing quickly, and traditional passive defense measures are not sufficient against ever-changing network intrusions. Traditional intrusion detection systems work by collecting virus signatures and then matching against them, so for unknown viruses the traditional detection mechanism lags behind. In an increasingly complex network security environment, studying intrusion detection systems based on artificial immune theory is of great significance. This paper first introduces the negative selection algorithm, the core idea of artificial immune theory, and then introduces the real-valued negative selection algorithm and the V-detector algorithm. To address the shortcomings of the V-detector algorithm, three improvements are made: a clonal selection algorithm based on fixed-distance mutation is proposed to improve the efficiency of detector generation; a de-redundancy algorithm is proposed to reduce detector redundancy and accelerate convergence; and a hypothesis testing method is introduced and improved to evaluate the coverage of the detector set. Experiments show that the improved V-detector algorithm effectively improves detection accuracy, reduces detection black holes, and greatly reduces detection time.
Authors
HE Jingsha (何泾沙)
HAN Song (韩松)
ZHU Nafei (朱娜斐)
GE Jiake (葛加可)
Affiliations: Department of Information Science, Beijing University of Technology, Beijing 100124, China; State Nuclear Electric Power Planning Design & Research Institute Co., Ltd., Beijing 100095, China; School of Information, Renmin University of China, Beijing 100872, China
Source
Netinfo Security (《信息网络安全》)
Indexed in: CSCD; Peking University Core Journals (北大核心)
2020, Issue 12, pp. 19-27 (9 pages)
Funding
National Natural Science Foundation of China [61602456].