Fang Jinhe,Feng Yan,Wang Ruijie

DOI: https://doi.org/10.3321/j.issn:1002-8331.2006.18.048

2006-01-01

Abstract:After discussing the constraints of current intrusion detection systems(IDS),we issue two problems should be considered in developing an adaptive IDS,one is to select the time to update the normal profile and the other is to select a mechanism to update the profile.To resolve the first problem,we calculate the similarity between the incremental audit data and the normal profile and then decide whether to and when to update the profile.To resolve the second problem,we employ a sliding window approach and use only the audit data inside that sliding window to update the profile.The window therefore acts to filter out outdated audit data and to build a profile based on only recent data that reflects the recent system activities.

Lei Deng,De-yuan Gao

DOI: https://doi.org/10.1109/nswctc.2009.87

2009-01-01

Abstract:Intrusion Detection Systems (IDSs) are increasingly a key part of systems defense. Various approaches to Intrusion Detection are currently being used, but they are relatively ineffective. Recently applying Artificial Intelligence, machine learning and data mining techniques to IDS are increasing. Artificial Intelligence plays a driving role in security services. This paper proposes an Immune based Adaptive Intrusion Detection System Model (IAIDSM). Analyzing the training data obtaining from internet, the self behavior set and nonself behavior set can be obtained by the partitional clustering algorithm, then it extracts Self and nonself pattern sets from these two behavior sets by association rules and sequential patterns mining. The Self and nonself sets can update automatically and constantly online. So IAIDSM improves the ability of detecting new type intrusions and the adaptability of the system.

胡敏,潘雪增,平玲娣

DOI: https://doi.org/10.3969/j.issn.1001-3695.2004.01.033

2004-01-01

Abstract:This paper focuses on issures related to deploying a data mining-based IDS (Intrusion Detection System) in a real time environment To overcome the limitations of traditional IDS, the corresponding solutions to accurracy, efficiency and usability is presented.These solutions impove efficiency of traditional DOS and maintain a desired accuracy level. This paper also proposed an architecture consisting of sensors, detectors, a data warehouse and model generation components. This architecture facilitates the sharing and storage of audit data and the distribution of new or updated models. Also, it improves the efficiency and scalability of the traditional IDS.

Jh Sun,H Jin,H Chen,Zf Han,Dq Zou

DOI: https://doi.org/10.1007/978-3-540-45080-1_91

2003-01-01

Abstract:Intrusion Detection Systems (IDSs) have become a critical part of security systems. The goal of an intrusion detection system is to block intrusion effectively and accurately. However, the performance of IDS is not satisfying. In this paper, we study the issue of building a data mining based intrusion detection model to raise the detection performance. The key ideas are to use data mining techniques to discover consistent and useful patterns for intrusion and use the set of patterns to recognize intrusion. By applying statistics inference theory to this model, the patterns mined from a set of test data are effective to detect the attacks in the same category, and therefore can detect most novel attacks that are variants of known attacks.

HUANG Jun-cai,WANG Feng-bi,LUO Xun,SHE Kun,ZHOU Ming-tian

DOI: https://doi.org/10.3969/j.issn.1001-0548.2006.01.025

2006-01-01

Abstract:The feasibility of applying artificial immune theory in intrusion detection system is Analyzed, establishes a model combining artificial immune theory and data mining technique is estoblished. Based on the statistical theory, the amount of information that is lost by splitting a data stream into unordered strings can be estimated, and this estimate can be used to guide the choice of string length. Based on information-theory, a lower bound on the size of the detector set is derived. Detector Generating algorithm is described. The performance of Artificial Immune Intrusion Detection System (AIIDS) is better than the normal intrusion detection system based on knowledge engineering.

XR Yang,JY Shen,R Wang

DOI: https://doi.org/10.1109/icmlc.2002.1176712

2002-01-01

Abstract:A network intrusion detection model based on artificial immune theory is proposed in this paper. In this model, self patterns and non-self patterns are built upon frequent behaviors sequences, then a simple but efficient algorithm for encoding patterns is proposed. Based on the result of encoding, another algorithm for creating detectors is presented, which integrates a negative selection with the clonal selection. The algorithm performance is analyzed, which shows that this method can shrink each generation scale greatly and create a good niche for patterns evolving.

Sun Jian-hua,Jin Hai,Chen Hao,Han Zong-fen

DOI: https://doi.org/10.1007/bf02828629

2005-01-01

Abstract:Aiming at the shortcomings in intrusion detection systems (IDSs) used in commercial and research fields, we propose the MA-IDS system, a distributed intrusion detection system based on data mining. In this model, misuse intrusion detection system (MIDS) and anomaly intrusion detection system (AIDS) are combined. Data mining is applied to raise detection performance, and distributed mechanism is employed to increase the scalability and efficiency. Host- and network-based mining algorithms employ an improved Bayesian decision theorem that suits for real security environment to minimize the risks incurred by false decisions. We describe the overall architecture of the MA-IDS system, and discuss specific design and implementation issue.

Jianhua Sun,Hai Jin,Hao Chen,Zong F. Man

2005-01-01

Wuhan University Journal of Natural Sciences

Abstract:Aiming at the shortcomings in intrusion detection systems (IDSs) used in commercial and research fields, we propose the MA-IDS system, a distributed intrusion detection system based on data mining. In this model, misuse intrusion detection system (MIDS) and anomaly intrusion detection system (AIDS) are combined. Data mining is applied to raise detection performance, and distributed mechanism is employed to increase the scalability and efficiency. Host- and network-based mining algorithms employ an improved Bayesian decision theorem that suits for real security environment to minimize the risks incurred by false decisions. We describe the overall architecture of the MA-IDS system, and discuss specific design and implementation issue.

Xiaojie Liu

2007-01-01

Abstract:Building on the concepts and the formal definitions of self, nonself, antigen, and detector introduced in the research of network intrusion detection, the dynamic evolution models and the corresponding recursive equations to self, antigen, immune-tolerance, lifecycle of mature detectors, and immune memory are presented. Following that, an immune-based model, referred to as AIBM, for dynamic intrusion detection is developed. Simulation results show that the proposed model has several desirable features including self-learning, self-adaption and diversity, thus provides an effective solution for network intrusion detection.

LIAN Jie,WANG Jie,LI Su-min,ZHU Xiang-qian

DOI: https://doi.org/10.3969/j.issn.1000-7024.2006.19.014

2006-01-01

Abstract:The immune theory of artificial immune system is introduced,the current intrusion detection system and its problems are analyzed.In order to solve these problems,an intrusion detection system model based on AIS is put forward.Detection rules are produced by negative selection algorithm.In the end,an implemental case of this system is given.The proposed intrusion detection system is designed to be adaptable,autonomy and robustness.

Ling ZHANG,Zhong-ying BAI,Yun-long LU,Ya-xing ZHA,Zhen-wen LI

DOI: https://doi.org/10.1016/s1005-8885(14)60290-9

2014-01-01

Abstract:The author puts forward an integrated intrusion detection (ID) model based on artificial immune (IIDAI), a vaccination strategy based on the significance degree of genes and a method to generate initial memory antibodies with rough set (RS). IIDAI integrates two kinds of intrusion detection mode: misuse detection and anonymous detection. Misuse detection and anonymous detection are applied to detect the known and the unknown attacks, respectively. On the basis of IIDAI model, an ID algorithm is presented. Simulation shows that the IIDAI has better performance than traditional ID methods in feasibility and effectiveness. It is very prone to achieve a higher convergence rate by using the vaccination strategy. Moreover, RS can remove the redundancy attributes and increase the detection speed. It can also increase detection rate by applying the integrated method.

Cai Wan

2003-01-01

Computer Science

Abstract:Intrusion Detection System (IDS) is an important network security technique. It can dynamic detect the network attack behaviors. At present, great issues for IDS are incapable of detecting the unknown malicious attack behaviors. So that, some new detection techniques are presented,data mining-based detection technique is an effective method in them. In this paper, data mining-based detection method and its key techniques are discussed in detail.

Wan Tang,Limei Peng,Ximin Yang,Xia Xie,Yang Cao

DOI: https://doi.org/10.3837/tiis.2010.12.017

2010-01-01

KSII Transactions on Internet and Information Systems

Abstract:Immune-inspired intrusion detection is a promising technology for network security, and well known for its diversity, adaptation, self-tolerance, etc.However, scalability and coverage are two major drawbacks of the immune-inspired intrusion detection systems (IIDSes).In this paper, we propose an IIDS framework, named GEP-IIDS, with improved basic system elements to address these two problems.First, an additional bio-inspired technique, gene expression programming (GEP), is introduced in detector (corresponding to detection rules) representation.In addition, inspired by the avidity model of immunology, new avidity/affinity functions taking the priority of attributes into account are given.Based on the above two improved elements, we also propose a novel immune algorithm that is capable of integrating two bio-inspired mechanisms (i.e., negative selection and positive selection) by using a balance factor.Finally, a pruning algorithm is given to reduce redundant detectors that consume footprint and detection time but do not contribute to improving performance.Our experimental results show the feasibility and effectiveness of our solution to handle the scalability and coverage problems of IIDS.

Chun XU,Xiao-jie LIU,Tao LI,Hui ZHAO,Nian LIU,Sun-jun LIU

DOI: https://doi.org/10.3969/j.issn.1009-3087.2007.05.023

2007-01-01

Abstract:A new denial of service intrusion detection model based on the immune danger theory was presented, according to the characteristic of denial of service intrusion. The model and the antibody evolution algorithm were designed and realized. In the model, antigen/antibody was classified by consanguinity, the procedure of antigen ap-optosis and necrosis were defined, and both danger signal and risk of network were calculated. This model can detect denial of service intrusion by the danger signal and risk of network. The results of the experiment showed that the method can not only keep the advantages of self-learning and self-adaptation of intrusion detection based on tradition artificial immune artificial immune, but also decrease the false positive rate by 87.5%.

Wenjian Luo,Xianbin Cao,Xufa Wang

DOI: https://doi.org/10.1007/3-540-45600-7_40

2001-01-01

Abstract:Current network intrusion detection systems are of low intelligence level and have the main deficiency as being unable to detect new intrusive behaviors of unknown signatures.The protection mechanism of natural immune system has brought us inspirations to design a novel network intrusion detection system. The research on modeling a NIDS with natural immune system just started, including the negative selection algorithm proposed by S. Forrest and the basic system model proposed by J. Kim. Based on their works, this paper proposed a novel system structure including affinity mutation, which was used to improve the performance of anomaly detection, and established an basic system based on artificial immunology. This paper stressed on the novel construction and testing experiments. Result of the experiments proved that the application of the protection mechanism of natural immune system to network intrusion detection system has an exciting perspective.

张琨,徐永红,王珩,刘凤玉

DOI: https://doi.org/10.3969/j.issn.1005-9830.2002.04.001

2004-01-01

Abstract:According to the immunology principles of bionics, a new type of distributed model of intrusion detection system based on immunology was presented. Short sequences of system calls and parameters executed by privileged procedure were vie-wed as analogous to peptide. This model tried to simulate several basic principles in immune system, such as diversity, distribution, primary immune response and secondary immune response. The real time detection was realized by the data sharing and collab-oration between immune computers and consoles. Moreover, the architecture of this model and the functions of key components were described.

李建飞,吴国新

DOI: https://doi.org/10.3969/j.issn.1673-629x.2005.01.042

2005-01-01

Abstract:A kind of delamination-detection and distributed IDS model based on complete analyzing the immunity theory is put forward.The model has the characters of real-time,self-adaptability,expansibility,intelligence because the model can realize immunity by creating the auto-matching detection rule collection by adopting four layers divided from the detection rule database.After these detection rule collections are reverse-filtered they are separately injected the mobile detection agent(MDA) which has corresponding detection rule collection.Then these MDAs corporately execute intrusion detection and response.Having the immunity,the multi-agents can carry out delamination-detecting and response to the great-flux and distributed network,and can dectect the intrusion and attack in local and whole network.

Haipeng Yao,Qiyi Wang,Luyao Wang,Peiying Zhang,Maozhen Li,Yunjie Liu

DOI: https://doi.org/10.1007/s10766-017-0537-7

2017-01-01

International Journal of Parallel Programming

Abstract:With the dramatic opening-up of network, network security becomes a severe social problem with the rapid development of network technology. Intrusion Detection System (IDS) is an innovative and proactive network security technology, which becomes a hot topic in both industry and academia in recent years. There are four main characteristics of intrusion data that affect the performance of IDS including multicomponent, data imbalance, time-varying and unknown attacks. We propose a novel IDS framework called HMLD to address these issues, which is an exquisite designed framework based on Hybrid Multi-Level Data Mining. In this paper, we use KDDCUP99 dataset to evaluate the performance of HMLD. The experimental results show that HMLD can reach 96.70% accuracy which is nearly 1% higher than the recent proposed optimal algorithm SVM+ELM+Modified K-Means. In details, HMLD greatly increased the detection accuracy of DoS attacks and R2L attacks.

Tao Li,Xiaojie Liu,Hongbin Li

DOI: https://doi.org/10.1007/11599371_7

2005-01-01

Abstract:Building on the concepts and the formal definitions of self, nonself, antigen, and detector introduced in the research of network intrusion detection, the dynamic evolution models and the corresponding recursive equations of self, antigen, immune-tolerance, lifecycle of mature detectors, and immune memory are presented. Following that, an immune-based model, referred to as AIBM, for dynamic intrusion detection is developed. Simulation results show that the proposed model has several desirable features including self-learning, self-adaption and diversity, thus providing a effective solution for network intrusion detection.

Yao Lu,Shuyu Chen

2004-01-01

Abstract:The paper gives a brief introduction to the principle of Immune System,while it provides a survey of methods in intrusion detection based on immunological principle.In particular,the paper introduces the negative selection algorithm for detector generation and the string matching rule for detecting anomalous events.