Xu Chun,Chen Xing-Shu,Zhao Hui,Jiang Yu-Ming,Liu Nian,Wang Tie-Fang

DOI: https://doi.org/10.1109/ISDPE.2007.108

2007-01-01

Abstract:Denial of Service (DoS) attack is one of the most common network attacks on network in the present. Usually DoS attack is often executed in fraudulent way, so they have the characteristic of fraudulence and danger. A new method of DoS intrusion detection based on the immune danger theory is presented in the paper, according to the characteristic of DoS intrusion. In the method a definition of danger signal with a formula of computing it quantificationally, is presented And the method is tested by experiment in which DoS intrusion is detected in the real-time way. The results of the experiment show that the method can not only detect DoS intrusion in the real-time way, but also have the advantage of working with less false positive rate and with faster response. It is an effective method for DoS intrusion detection.

Chun XU,Xiao-jie LIU,Tao LI,Hui ZHAO,Nian LIU,Sun-jun LIU

DOI: https://doi.org/10.3969/j.issn.1009-3087.2007.05.023

2007-01-01

Abstract:A new denial of service intrusion detection model based on the immune danger theory was presented, according to the characteristic of denial of service intrusion. The model and the antibody evolution algorithm were designed and realized. In the model, antigen/antibody was classified by consanguinity, the procedure of antigen ap-optosis and necrosis were defined, and both danger signal and risk of network were calculated. This model can detect denial of service intrusion by the danger signal and risk of network. The results of the experiment showed that the method can not only keep the advantages of self-learning and self-adaptation of intrusion detection based on tradition artificial immune artificial immune, but also decrease the false positive rate by 87.5%.

Wenhao Wang,Chen Zhang,Quan Zhang

DOI: https://doi.org/10.1007/978-3-662-43908-1_15

2014-01-01

Abstract:In order to solve non-real time problem in traditional intrusion detection technologies, this paper proposes an anomaly detection model based on cloud model and danger theory. First using cloud model as a tool to evaluate the diversity factors between test data and the standard data set, then covert it into signal input of DCA to detect abnormality degree of system. Meanwhile, a dendritic cell algorithm based on data segmented detection is proposed in order to raise real-time response of the system. The paper use KDDCUP99 data sets to validate membership of normal data and detection rate of this model. Experimental results show that the model can effectively distinguish between normal data and abnormal data, and also improve the system anomaly detection capabilities.

Zhang Ruirui,Li Tao,Xiao Xin,Shi Yuanquan

DOI: https://doi.org/10.1007/978-3-642-24091-1_29

2011-01-01

Applied Mechanics and Materials

Abstract:The artificial immune theory and the cloud model theory are applied to the research on situation awareness of network security in this paper. A security situation awareness model is established from three levels, including situation perception, situation comprehension and situation projection. In the model, network attacks can be real-timely monitored by the intrusion detection technology based on the danger theory and the cloud model; network security situation can be evaluated by the calculation of antibody concentration changes which have relationship with the attack power, and can be predicted by a new mechanism of time-series prediction based on cloud models according to the historical and current situations. The theoretical analysis and experimental results show that the model is effective to network security situation awareness with advantages of real-time and high accuracy.

HUANG Xiao-tao,LI Sha

DOI: https://doi.org/10.1109/icbecs.2010.5462467

2008-01-01

Abstract:A layered multi-agent detection model for abnormal intrusion, based on danger theory, is presented according to the research on the danger theory and artificial immunity. The model, with three layers in the frame, conducts the real time monitoring and danger judgment on the host computer and network resource before it recognizes the nonself, and then the danger signal activates the immunity recognition. The danger judgment conducted by cloud model can recognize the harmful self and harmful nonself effectively, which ensures the system safety and improves the performance of detection system. Thus, the probability of misinformation and omission will decrease to some extent.

CHEN Hui-ming,CHEN Wen,LIANG Gang

DOI: https://doi.org/10.3969/j.issn.1671-0428.2012.10.003

IF: 5.105

2012-01-01

Computers & Security

Abstract:Traditional intrusion detection system faces the defects of huge alarm quantity and high false positives rate.In order to overcome the defects,a network security risk assessment-based intrusion detection method is proposed in this article.The method calculates network security risk uses the latest research results of artificial immune theory,which mainly include that the antibody concentration changes dynamic with strength of invasion.Then dynamicly set the alarm strategy based on real-time security risks faced by the current network.The experimental results show that the model can calculate host and network risk in real time and quantitative,the alarm quantity and the false positives rate is greatly reduced.

Jian-bing JIANG,Jia-rong LIANG,Long WANG

DOI: https://doi.org/10.3969/j.issn.2095-6835.2010.03.042

2010-01-01

Abstract:Because of the uncertainty of network behavior, the exiting intrusion detection systems almost have some flaws, such as the high false positive rate and high false negative rate. Cloud model is an effective tool of uncertainty reasoning in transforming between qualitative concepts and their quantitative expressions combined with fuzziness and randomness. Based on cloud model, a new cloud intrusion detection method(CIDM) was presented in this paper. Cloud reasoning generator cloud intelligently processes network behav-ior by means of uncertainty reasoning based on cloud knowledge database. The simulation results indicate CIDM can greatly improve the effectiveness of intrusion detection.

XU Chun,WU Liang-fu,CHEN Xing-shu,YOU Hong-yue,LIU Xue-hong

DOI: https://doi.org/10.15961/j.jsuese.2011.03.024

2011-01-01

Abstract:Based on immune danger theory,a danger zone generating mechanism,a danger zone radius calculation method and the calculating formula of the danger signals signal_0 by antigen necrosis and the antigen detected danger signals signal_1 were given according to the intrusion detection application.In addition,a detection algorithm in the danger zone was presented according to the signal_0 and signal_1.The experiments showed that the proper selection of the dangerous area radius is helpful for the improvement of the efficiency of intrusion detection system,and make both the false negative rate and false detection rates remained at a lower level.

Xin Xiao,Ruirui Zhang

DOI: https://doi.org/10.3837/tiis.2019.05.027

2019-01-01

KSII Transactions on Internet and Information Systems

Abstract:With the application of wireless sensor networks in the fields of ecological observation, defense military, architecture and urban management etc., the security problem is becoming more and more serious. Characteristics and constraint conditions of wireless sensor networks such as computing power, storage space and battery have brought huge challenges to protection research. Inspired by the danger theory in biological immune system, this paper proposes an intrusion detection model for wireless sensor networks. The model abstracts expressions of antigens and antibodies in wireless sensor networks, defines meanings and functions of danger signals and danger areas, and expounds the process of intrusion detection based on the danger theory. The model realizes the distributed deployment, and there is no need to arrange an instance at each sensor node. In addition, sensor nodes trigger danger signals according to their own environmental information, and do not need to communicate with other nodes, which saves resources. When danger is perceived, the model acquires the global knowledge through node cooperation, and can perform more accurate real-time intrusion detection. In this paper, the performance of the model is analyzed including complexity and efficiency, and experimental results show that the model has good detection performance and reduces energy consumption.

CHAI Zheng-yi,LIU Fang

DOI: https://doi.org/10.3969/j.issn.1007-5321.2010.03.008

2010-01-01

Abstract:In order to effectively assess the risk of network risk,and to take effective prevention measures,featuring with real-time and quantitative detection,a danger-theory and Antibody-concentration based perception model for network risk is proposed.Based on dynamic self-sets,the mathematical model and dynamic equations for self-tolerance and various antibody are designed.The quantify description of antibody concentration is given.The candidate detector is generated from both random and detector genelib.Furthermore,the vaccination are introduced to enhance the active detection.Simulations are done to test the model.The experiments prove that the model can detect the intrusion attacks effectively and evaluate the risk of both host and network including each attack and the whole attacks.If the model is transformed properly,it also can be applied to the fields of virus detection and spam mail recognition.

XU Chun,LI Tao,CHEN Xing-shu,LIU Nian,YANG Jin

DOI: https://doi.org/10.3969/j.issn.1001-0548.2007.06.021

2007-01-01

Abstract:A new method of risk evaluation about network security based on the danger signal is presented in this paper. In this method, the antigen necrosis produces the gain signal, and the antigen apoptosis produces restrain signal, the two signals influence to the process of antibody evolution. This model can detect the attacking by calculating the danger signal of the category of the antigen. Moreover, the model can also evaluate the network suffered attack risk by calculating the network risk. The result of simulative experiment shows that this method can quantitatively calculate the network risk, it has the features of most real-time process ability and lower false positive rate. It is a good solution for real-time risk evaluation for network security.

He Yang,Yi-wen Liang,Jia Chen

DOI: https://doi.org/10.1109/ICNC.2008.711

2008-01-01

Abstract:The definition of danger is one of the most important problems need to be solved in the application of danger theory in artificial immune system. Cloud model is an effective tool in transforming between qualitative concepts and their quantitative expressions. This paper uses the concept of cloud model to abstract the character of parameters of computer system, and consequently present the definition of danger signal. Integrate various danger signals the definition of danger is got. At last, a cooperating stimulate model including both self-nonself recognition method and danger recognition method is presented.

Han Li,Qiuxin Wu

DOI: https://doi.org/10.1109/ccis.2012.6664443

2012-01-01

Abstract:Cloud computing is defined as the storage, management, processing, and accessing information and other data stored in a specific server. With the advent of internet, intrusion attacks have gained sophistication over the time. Distributed attacks could not be detected by the present available intrusion detection system. In this case, we propose a distributed intrusion detection model based on Cloud theory. Our model is composed by Intrusion Detection Agent subsystem and Data Aggregation subsystem. Intrusion Detection Agent subsystem has three parts: data collection module, Cloud decision-making module and communication module. An intrusion detection algorithm based on Cloud theory was proposed to detect intrusion behavior and improve the detection ability to complicated intrusion. Followed by our model, we introduced a strategy to defend DDoS attack using the elastic properties of cloud platform.

傅蓉蓉,郑康锋,芦天亮,杨义先

2012-01-01

Journal of Communications

Abstract:According to the challenges of intrusion detection technique for wireless sensor networks,a danger theory in-spired intrusion detection model was proposed by taking advantage of the working principle of artificial immune system.Due to the distributed and cooperative mechanism,the proposed model shows more advantages in detection performance and energy consumption than methods adopt promiscuous to get global knowledge.The simulation results show that compared to traditional Watchdog algorithm with single threshold and self-nonself(SNS)model,the model inspired by danger theory can provide highest correct detection rate and lowest false detection rate.Moreover,the model can also decrease the energy consumption of the system.

GUO Chen,LIANG Jia-rong,WANG Hou-Qian

DOI: https://doi.org/10.3969/j.issn.1673-5196.2005.04.022

2005-01-01

Abstract:The general situation and running mechanism of danger mode were expounded and a novel model of intrusion detection system based on danger model immune algorithm was developed.The system exhibited remarkably its high-efficiency of processing and its self-adaptive evolutionary ability,providing a new approach to the field of network security.

ZHAO Lin-hui,DAI Ya-ping,FU Dong-mei,DONG Fang-yan

2006-01-01

Journal of Computer Applications

Abstract:Based on Danger theory and data fusion technology, a new Danger model-inspired three-level-module intrusion detection system was presented. Also, an adaptive decision templates algorithm was derived, realizing the online automatic regulation on detection templates. There are two characteristics of the system. First, when it is difficult to distinguish current behaviors according to the present knowledge, this system will discriminate them by means of danger signals, thus false alarms are reduced and the ability of identifying novel attacks is enhanced. Second, the adaptive decision templates algorithm allows detection templates to modify dynamically without periodical updating, which enables the system to be adapted to a changing environment, and also increases the accuracy on unknown attacks. Experimental results on test data from KDD-CUP-99 database were reported to show the effectiveness of this system.

Lingxi Peng,Xudong Zhu,Jian Zhang,Rui Fan,Chunlin Liang,Jinquan Zeng,Caiming Liu

2009-01-01

Journal of Information and Computational Science

Abstract:A novel inspired intrusion detection system paradigm based on danger theory (NIIDS) is proposed. The danger theory, which depicts the immune system, is quite similar to the problems of network security, has been considering potential recognitional application values in network security problems. However, the definition of pivotal danger signals have not yet been defined in present literatures, which is also a hard problem that translate the danger theory into the realms of network security and limit its further application. In this paper, the definition danger signals are given. Furthermore, mathematic equations of the danger evaluation and danger alert are built in turn. NIIDS solves the problems of huge alerts and low quality of alert information, and can also evaluate the real-time intrusion attack and anomaly menace, which are troublesome in the existed intrusion detection models. Simulations of this model were performed, and the comparison experiment results show that NIIDS surmounts the current computer immune system and traditional intrusion detection models. Copyright ©2009 Binary Information Press.

Zuhua Guo,Yangbo Li,Lixin Xu,Xiao Zhang

DOI: https://doi.org/10.3969/j.issn.1001-3695.2015.11.052

2015-01-01

Abstract:In the cloud service environment,virtualization puts forward higher requirements to network security risk assess-ment.Through constructing a virtual component-centric system risk evaluation model on the cloud computing virtualization platform,the paper implemented network security risk prediction for the Web service DDoS attack.This model used a hierar-chical analysis method to achieve a risk prediction of Web service that improved the prediction accuracy of risk values.Mean-while,the paper used of RBF neural network for prediction parallelization,which achieved the purpose of rapid real-time pre-diction with multiple nodes.Experimental tests show that the method has a better risk evaluation result,which can provide scientific basis for developing the network security defense strategy of cloud computing systems.

Jinquan Zeng,Yan Fu,Jianbing Hu,AnLong Chen,Lingxi Peng

2008-01-01

Journal of Information and Computational Science

Abstract:Artificial Immune System (AIS) has been successful in many realms, especially in computer security, and the correlative algorithms rely on self-nonself discrimination, as stipulated in classical immunology. But when the algorithms are used in practical applications, scaling problems of self and nonself, computational efficiency, and the changing problems of self and nonself have to be addressed. Meanwhile, immunologists are increasingly finding faults with traditional self-nonself discrimination and a new Danger Theory (DT) is emerging. This new theory suggests that Human Immune System (HIS) is more concerned with damages than nonself and HIS reacts to threats through the correlation of danger signals. Based on the DT, within the context of computer system, immune response model is presented. In the model, the definitions of the danger signal, response type and intensity, and etc. are given. Then the producing method of the danger signal is put forth, and they are significant in incorporating the DT into computer security applications. 1548-7741/Copyright © 2008 Binary Information Press October 2008.

Yufei Ge,Hong Liang,Lin Chen,Qian Zhang

DOI: https://doi.org/10.2991/amcce-15.2015.346

2015-01-01

Abstract:The paper proposed a new model by applying bio-inspired theory into intrusion detection system in cloud computing. Dendritic Cell algorithm (DCA) based on Danger Theory get involved in the model designation in allusion to the existing problem, high false negative rate, low detection efficiency, low real-time process, and lack of adaptive of the unknown aggressive behavior for nowadays detection mechanisms. Combing the pertinent knowledge of machine learning theory, then to design one improved bio-inspired intrusion detection system model in cloud computing based on machine learning. Finally we introduce our system module as well as the detailed work processes.