Ruirui Zhang,Xin Xiao

DOI: https://doi.org/10.4028/www.scientific.net/amm.121-126.4926

2011-01-01

Applied Mechanics and Materials

Abstract:As a new research area of network security, network security situation evaluation is significant for achieving large-scale network security monitoring. In this paper, the artificial immune technology is applied to the study of situation evaluation for network security. Mathematical expressions of immune elements such as antibodies, antigens are established, and basic immune mechanism such as self-tolerance, clone selection, immune memory are achieved. According to the relationships between concentration changes of antibodies and attack intensity of pathogens in biological immune system, a situation evaluation model for network security is proposed. In addition, this paper adopts the uncertainty reasoning method in the cloud theory to make multi-granularity analysis for network security situation. By modeling the security situation indicator, and using cloud rules generator and reverse cloud generator, we can get qualitative results of hosts and network's security situation. Theoretical analysis and experimental results show that the model is effective to evaluate situation for network security with advantages of real-time, adaptability and high accuracy.

LIU Nian,LIU Yong,LI Tao,LIU Sun-jun

DOI: https://doi.org/10.3969/j.issn.1002-137x.2010.01.030

2009-01-01

Abstract:In order to change the current passive network security defense situation depending on traditional network security tools,such as firewall,network vulnerability scanning and intrusion detection etc,the artificial immune technology is applied to network security situation awareness.This technology adopts intrusion detection model based on immune to realize the detection of known and unknown intrusion behaviors,and establishes real-time and quantitative network risk evaluation model based on the corresponding relationship between the antibody concentration variation of biological immune system and the intrusion rate of pathogen.During the trend forecast of network security situation,ARMA model based on time series is adopted to make real-time and quantitative analysis and forecast on network security situation and its future trend,in this way,it can reduce the risk of network attack effectively and improve the emergency logistic support ability of network information system.The experiment result shows that this system can adjust network security strategy timely and efficiently,provide overall security guarantee for the system and is a good solution to active network security defense.

Lu YU,Zhen-qiang WU

DOI: https://doi.org/10.19304/j.cnki.issn1000-7180.2009.01.029

2009-01-01

Abstract:Through the research on the achievements of human immune system,a model of adaptive network security based on immune theory has been given.The model introduces the evaluation of system vulnerability level,and it can dynamically adapt its security policy according to the current security situation and performance of the system in order to achieve the network adaptive security.After the explanation of the functions of security risk assessment component,security level adjustment component and security operation execution component,the redesign of security risk assessment component is emphasized.This model is characterized by distributing,self-studying and adaptability.

XU Chun,LI Tao,CHEN Xing-shu,LIU Nian,YANG Jin

DOI: https://doi.org/10.3969/j.issn.1001-0548.2007.06.021

2007-01-01

Abstract:A new method of risk evaluation about network security based on the danger signal is presented in this paper. In this method, the antigen necrosis produces the gain signal, and the antigen apoptosis produces restrain signal, the two signals influence to the process of antibody evolution. This model can detect the attacking by calculating the danger signal of the category of the antigen. Moreover, the model can also evaluate the network suffered attack risk by calculating the network risk. The result of simulative experiment shows that this method can quantitatively calculate the network risk, it has the features of most real-time process ability and lower false positive rate. It is a good solution for real-time risk evaluation for network security.

Yuanquan Shi,Tao Li,Wen Chen,Ruirui Zhang

DOI: https://doi.org/10.1109/cccm.2009.5267847

2009-01-01

Abstract:To effectively evaluate and predict network security situation, a quantitative model for network security situation awareness based on artificial immune system and grey theory is proposed. In this model, the formal definitions of self, non-self, antigen and detector is given. According to the relationship between the antibody-concentration of memory detector and the attack intensity of network, network security situation evaluation sub-model based on artificial immune system is given. And to forecast the attack intensity that the current network faces in the next step, network situation predication sub-model based on grey theory is given. Experimental results exhibit that the proposed model provides a novel approach for network security situation awareness, and holds better characters of self-adaptability and real-time processing.

Yixiang Luo,Minghua Zhao,Qunyan Zhang,Ajin Zou

DOI: https://doi.org/10.4028/www.scientific.net/amr.267.635

2011-01-01

Advanced Materials Research

Abstract:Network security situation awareness is the pivotal technology of building the next generation active defensible network, which has been got widespread concerns by experts and scholars. Inspired-by artificial immune, an immune-inspired network security situation awareness model, referred as Ineim, was given. The real-time network security situation awareness equations were built up, which can exactly compute security situation awareness of the host and network. Both the theory analysis and experimental results prove that Ineim provides a positive and active network security method.

CHEN Hui-ming,CHEN Wen,LIANG Gang

DOI: https://doi.org/10.3969/j.issn.1671-0428.2012.10.003

IF: 5.105

2012-01-01

Computers & Security

Abstract:Traditional intrusion detection system faces the defects of huge alarm quantity and high false positives rate.In order to overcome the defects,a network security risk assessment-based intrusion detection method is proposed in this article.The method calculates network security risk uses the latest research results of artificial immune theory,which mainly include that the antibody concentration changes dynamic with strength of invasion.Then dynamicly set the alarm strategy based on real-time security risks faced by the current network.The experimental results show that the model can calculate host and network risk in real time and quantitative,the alarm quantity and the false positives rate is greatly reduced.

Lei Wang,B. Hirsbrunner

DOI: https://doi.org/10.1109/ICMLC.2002.1175366

2002-11-04

Abstract:Referring to the mechanism of biological immune system, a novel model of computer security system is proposed, which is a dynamic, multi-layered and co-operational system. Through dynamically supervising abnormal behaviors with multi agent immune systems, a two-level defense system is set up for improving the whole performance: one is based on a host and mainly used for. detecting viruses; and the other is based on a network for supervising potential attacks. On the other hand, a pseudo-random technology is adopted for designing the sub-system of data transmission, in order to increase the ability of protecting information against intended interference and monitoring. Simulations on information transmission show that this system has good robustness, error tolerance and self-adaptiveness, although more practice is needed.

Computer Science

Yan Zhang,Caiming Liu

DOI: https://doi.org/10.1109/cis54983.2021.00059

2021-01-01

Abstract:Biological immune mechanism may resist the invasion of pathogens. Its application in network security research can improve the ability of network security protection. Through simulating the biological immune mechanism, an immune algorithm for network security data detection is designed and implemented in this paper. The variables in the immune environment and the parameter variables required by the system environment are defined to ensure the effective operation of the proposed algorithm. Four sub immune algorithms are designed, which include immune environment initialization, feature extraction, immune evolution and immune detection. They are used to realize the sub processes of network data security detection. The overall algorithm is designed to integrate each sub algorithm, and make the network data feature extraction, immune evolution and immune detection run at the same time through multithreading. The prototype system of the proposed algorithm is programmed and tested. Test results show that the proposed algorithm can effectively simulate the evolution and recognition mechanism of biological immune system, and can detect the security problems in network data in real time.

Bo Yang,Meifang Yang

DOI: https://doi.org/10.1007/s00521-020-05049-5

2020-06-15

Neural Computing and Applications

Abstract:Traditional network security detection models are trained offline using attack samples of known types. Although such models have high detection rates for known attack types, they cannot identify new attack types in the network layer. At present, these detection systems have the disadvantages of slow system construction and a high cost of model updating. Facing the increasing expansion of networks and endless attacks, these detection systems lack self-adaptability and expansibility, so it is difficult to detect complex and changeable attack events in networks. In this paper, the integrated use of immunology theory, complex adaptive system theory, and computational experiment technology is proposed to develop an Internet network layer security detection model based on an artificial immune system as an improvement over existing models of Internet network layer security. On the basis of testing knowledge, when a new type of attack is encountered, the online detection and learning process enables the dynamic extension of the network security detection model. Experimental calculations and an example analysis are presented to verify the scientific validity and feasibility of the model.

computer science, artificial intelligence

RF Li,C Wang,XY Tu

DOI: https://doi.org/10.1109/icnsc.2005.1461170

2005-01-01

Abstract:Natural immune system has many features for inspirations to computer security. From this paradigm, a new multi-agent model for network-based intrusion detection system is presented. We briefly summarize the main mechanisms of immunology from information processing perspective and concisely review the related works. Moreover, some mechanisms, including cloning with hyper-mutation, affinity maturation, and stigmergy are incorporated to this new model for network intrusion detection. Its conceptual view and working mechanism are described, and its characteristics, autonomous, robust, adaptable, and lightweight, are discussed.

Shuqin, Cai,Wang Ge,Cai Hong

DOI: https://doi.org/10.1109/CCCM.2008.324

2008-01-01

Abstract:As new field of computer intelligence research, artificial immune system inspired by biological immune system, provides a strong paradigm for information processing and problem solving. Artificial immune network theory is an important theory of AIS and has already wildly applied in the fields of data clustering, data analysis and robot control. This research proposes firstly to apply artificial immune network theory into risk assessment of managerial field, provides specific model construction process relating to case study and testifies the result with data from real test.

Zhang Ruirui,Li Tao,Xiao Xin,Shi Yuanquan

DOI: https://doi.org/10.1007/978-3-642-24091-1_29

2011-01-01

Applied Mechanics and Materials

Abstract:The artificial immune theory and the cloud model theory are applied to the research on situation awareness of network security in this paper. A security situation awareness model is established from three levels, including situation perception, situation comprehension and situation projection. In the model, network attacks can be real-timely monitored by the intrusion detection technology based on the danger theory and the cloud model; network security situation can be evaluated by the calculation of antibody concentration changes which have relationship with the attack power, and can be predicted by a new mechanism of time-series prediction based on cloud models according to the historical and current situations. The theoretical analysis and experimental results show that the model is effective to network security situation awareness with advantages of real-time and high accuracy.

Tao Gong,Sigma Xi,Zixing Cai

DOI: https://doi.org/10.1109/robio.2005.246396

2005-01-01

Abstract:Immune computation is burgeoning bioinformatics technique inspired from the natural immune system and can solve the information security problems such as antivirus and fault detection. And the immune model is a crucial problem of the artificial immune system. In this paper, an immune model was proposed for the application of a mobile robot simulator, which was infected by some worms, such the love worm and the happy-time worm. The immune model was comprised of three tiers, including the inherent immune tier, the adaptive immune tier and the parallel computing tier. This immune model was built on the theories of the natural immune system and had many excellent features, such as adaptability, immunity, memory, learning, and robustness. And the application example of the immune model in the mobile robot simulator showed, the artificial immune system can detect, recognize, learn and eliminate computer viruses, and can detect and repair faults such as software bugs, and so the immune computation is an excellent approach for antivirus security. Moreover, the application fields and prospect of the immune computation will be rich and successful in the near future.

SunJun Liu,Tao Li,DianGang Wang,Kui Zhao,Xun Gong,XiaoQing Hu,Chun Xu,Gang Liang

DOI: https://doi.org/10.1007/11903697_14

2006-01-01

Abstract:Inspired by the immune theory and multi-agent systems, an immune multi-agent active defense model for network intrusion is established. The concept of immune agent is introduced. While its logical structure and running mechanism are established. The method which uses antibody concentration to quantitatively describe the degree of intrusion danger is presented. The proposed model implements a multi-layer and distributed active defense mechanism for network intrusion, and it is a new way to the network security.

ZHANG Ping,WANG Jian-zhong,SHE Kun,ZHOU Ming-tian

DOI: https://doi.org/10.3969/j.issn.1001-3695.2007.08.050

2007-01-01

Abstract:Exploited traditional information secure technology and artificial immune theory and applied it to the computer examination system in order to improve the system security,stability.The network secure examination system with immune capacity designed could solve secure problem of examination system with the multilayer,distribution,active,passive charac￣teristics.

Tao Li,Juling Ding,Xiaojie Liu,Pin Yang

DOI: https://doi.org/10.1007/11539117_113

2005-01-01

Abstract:Dynamically evolutive models and recursive equations for self, antigen, dynamic computer forensics, immune tolerance, mature-lymphocyte lifecycle and immune memory are presented. Following that, a new model, referred to as Insdcf, for computer network surveillance and dynamic computer forensics is proposed. Simulation results show that the proposed model has the features of real-time processing, self-learning, self-adaptivity, and diversity, thus providing a good solution for computer network surveillance and dynamic computer forensics.

Chun XU,Xiao-jie LIU,Tao LI,Hui ZHAO,Nian LIU,Sun-jun LIU

DOI: https://doi.org/10.3969/j.issn.1009-3087.2007.05.023

2007-01-01

Abstract:A new denial of service intrusion detection model based on the immune danger theory was presented, according to the characteristic of denial of service intrusion. The model and the antibody evolution algorithm were designed and realized. In the model, antigen/antibody was classified by consanguinity, the procedure of antigen ap-optosis and necrosis were defined, and both danger signal and risk of network were calculated. This model can detect denial of service intrusion by the danger signal and risk of network. The results of the experiment showed that the method can not only keep the advantages of self-learning and self-adaptation of intrusion detection based on tradition artificial immune artificial immune, but also decrease the false positive rate by 87.5%.

Jin Yang,Cilin Wang,Le Yu,Caiming Liu,Lingxi Peng

DOI: https://doi.org/10.1007/978-3-642-34041-3_68

2012-01-01

Abstract:Cloud computing is an important innovation in the current computing model. The critical problem of cloud computing faced at present is the security issue. In the current network environment, that relying on a single terminal to check the Trojan virus is considered increasingly unreliable. Based on the correspondence between the artificial immune system antibody and pathogen invasion intensity, this paper is to establish a real-time network risk evaluation model in cloud computing. This paper builds a hierarchical, quantitative measurement indicator system, and a unified evaluation information base and knowledge base. The paper also combines assets evaluation system and network integration evaluation system, considering from the application layer, the host layer, network layer may be factors that affect the network risks. The experimental results show that the new model improves the ability of intrusion detection and prevention than that of the traditional intrusion prevention systems.

MENG Bo,YIN Chun-hua,CHEN Lei

DOI: https://doi.org/10.3969/j.issn.1000-7024.2007.12.011

2007-01-01

Abstract:Natural immune systems provide a rich source of inspiration for network security is insufficiency.Applying the characteristics of immune system and multi-agent system to network security system,a convergent method of immunity-based and multi-agent network security system model is proposed.The multi-agent system with two kind of agent is designed,and the agents are defined with access control,IDS,honeypot and the network security tools,the adaptability and other characteristics network security system are increased.