张宝军,潘雪增,王界兵,平玲娣

DOI: https://doi.org/10.3785/j.issn.1008-973X.2009.06.004

2009-01-01

Abstract:Real-time intrusion detection under current network environment exists the following problems: first, the scale of network is large, and a great deal of information needs to be processed, which requires large throughput to the intrusion detection system (IDS); second, the network environment is complex, and the data type is multiplex, accordantly, the intrusion detection system should has high accuracy. Aiming at these problems, a model of intrusion detection system was proposed. The model uses the distributed architecture based on multi-agent system and shows good expansibility, and can self-adjust according to the scale and bandwidth of network. The model uses technologies of anomaly intrusion detection and misuse intrusion detection together, and has low false alert rate and miss alert rate. Multi-attribute data abstraction is used in the model to grasp the feature of intrusion accurately and provide strong support for intrusion identification. The classifier is constructed with radial basis function (RBF) so as to have good extension to unknown intrusions, and can do effective judgment to unknown intrusions. Experimental results show that the system has large throughput and high accuracy, thus it is suitable for current network and has good practicability.

张琨,徐永红,王珩,刘凤玉

DOI: https://doi.org/10.3969/j.issn.1005-9830.2002.04.001

2004-01-01

Abstract:According to the immunology principles of bionics, a new type of distributed model of intrusion detection system based on immunology was presented. Short sequences of system calls and parameters executed by privileged procedure were vie-wed as analogous to peptide. This model tried to simulate several basic principles in immune system, such as diversity, distribution, primary immune response and secondary immune response. The real time detection was realized by the data sharing and collab-oration between immune computers and consoles. Moreover, the architecture of this model and the functions of key components were described.

Lei Deng,De-yuan Gao

DOI: https://doi.org/10.1109/nswctc.2009.87

2009-01-01

Abstract:Intrusion Detection Systems (IDSs) are increasingly a key part of systems defense. Various approaches to Intrusion Detection are currently being used, but they are relatively ineffective. Recently applying Artificial Intelligence, machine learning and data mining techniques to IDS are increasing. Artificial Intelligence plays a driving role in security services. This paper proposes an Immune based Adaptive Intrusion Detection System Model (IAIDSM). Analyzing the training data obtaining from internet, the self behavior set and nonself behavior set can be obtained by the partitional clustering algorithm, then it extracts Self and nonself pattern sets from these two behavior sets by association rules and sequential patterns mining. The Self and nonself sets can update automatically and constantly online. So IAIDSM improves the ability of detecting new type intrusions and the adaptability of the system.

Yaping Jiang,Tao Li,Jin Yang,Tiefang Wang,Jianhua Zhou,Gang Liang,Chunlin Xu

2007-01-01

Abstract:The theory of modern, immunology provides a novel idea to study network intrusion detection and defense system. Inspired information processing in biology immune system is a highly parallel and distributed intelligent computation which has learning, memory, and associative retrieval capabilities. The architecture of multi-agent in depth defense based on immune principle is proposed. The agents of intrusion detection detect all intrusion which passes by the agent, including known and unknown. The information of new intrusion, which gotten from current monitored network is encapsulated and sent to the other network as vaccine by mobile agents. So the other network can prevent the same intrusion. Intrusion packets are prevented from gateway of intrusion source by response agent. The experimental results show that the new model actualizes an active and distributed prevention policy than that of the traditional passive intrusion prevention systems.

LIAN Jie,WANG Jie,LI Su-min,ZHU Xiang-qian

DOI: https://doi.org/10.3969/j.issn.1000-7024.2006.19.014

2006-01-01

Abstract:The immune theory of artificial immune system is introduced,the current intrusion detection system and its problems are analyzed.In order to solve these problems,an intrusion detection system model based on AIS is put forward.Detection rules are produced by negative selection algorithm.In the end,an implemental case of this system is given.The proposed intrusion detection system is designed to be adaptable,autonomy and robustness.

Chun XU,Xiao-jie LIU,Tao LI,Hui ZHAO,Nian LIU,Sun-jun LIU

DOI: https://doi.org/10.3969/j.issn.1009-3087.2007.05.023

2007-01-01

Abstract:A new denial of service intrusion detection model based on the immune danger theory was presented, according to the characteristic of denial of service intrusion. The model and the antibody evolution algorithm were designed and realized. In the model, antigen/antibody was classified by consanguinity, the procedure of antigen ap-optosis and necrosis were defined, and both danger signal and risk of network were calculated. This model can detect denial of service intrusion by the danger signal and risk of network. The results of the experiment showed that the method can not only keep the advantages of self-learning and self-adaptation of intrusion detection based on tradition artificial immune artificial immune, but also decrease the false positive rate by 87.5%.

SunJun Liu,Tao Li,DianGang Wang,Kui Zhao,Xun Gong,XiaoQing Hu,Chun Xu,Gang Liang

DOI: https://doi.org/10.1007/11903697_14

2006-01-01

Abstract:Inspired by the immune theory and multi-agent systems, an immune multi-agent active defense model for network intrusion is established. The concept of immune agent is introduced. While its logical structure and running mechanism are established. The method which uses antibody concentration to quantitatively describe the degree of intrusion danger is presented. The proposed model implements a multi-layer and distributed active defense mechanism for network intrusion, and it is a new way to the network security.

Xiaojie Liu

2007-01-01

Abstract:Building on the concepts and the formal definitions of self, nonself, antigen, and detector introduced in the research of network intrusion detection, the dynamic evolution models and the corresponding recursive equations to self, antigen, immune-tolerance, lifecycle of mature detectors, and immune memory are presented. Following that, an immune-based model, referred to as AIBM, for dynamic intrusion detection is developed. Simulation results show that the proposed model has several desirable features including self-learning, self-adaption and diversity, thus provides an effective solution for network intrusion detection.

Jin Yang,Xiaojie Liu,Tao Li,Gang Liang,SunJun Li

DOI: https://doi.org/10.1016/j.knosys.2008.07.005

IF: 8.139

2008-01-01

Knowledge-Based Systems

Abstract:Artificial immune systems (AIS) is a complicated system with the ability of self-adapting, self-learning, self-organizing, parallel processing and distributed coordinating, and it also has the basic function to distinguish self and non-self and clean non-self. One significant feature of the theory immunology is the ability to adapt to changing environments and dynamically learning continuously. Inspired by the theory of artificial immune systems, a novel model of Agents of Network Danger Evaluation is presented. The concepts and formal definitions of immune cells are given, and dynamically evaluative equations for self, antigen, immune tolerance, mature-lymphocyte lifecycle and immune memory are presented, and the hierarchical and distributed management framework of the proposed model are built. Furthermore, the idea of dynamic immunological surveillance period is applied for enhancing the self-learning ability to adapt continuously variety environments. The experimental results show that the proposed model has the features of real-time processing that provide a good solution for network surveillance.

YANG Jun-long,YU He-wei

DOI: https://doi.org/10.3969/j.issn.2095-6835.2010.21.017

2010-01-01

Abstract:We give a new framework which integrates multi-agent and distributed intrusion detection system(DIDS) to solve defects of normal DIDS. This paper gives detail description of the new framework. We found that the existed multi-agent intrusion detection system mostly use rule base to detect intrusion, lack intelligence detection. We combine immune mechanism and multi-agent intrusion detection system to give a new IDS which base on immune mechanism and multi-agent, the new system can improve accuracy and detection rate of attacks, at last we give the description of the system we designed.

Tao Li,Xiaojie Liu,Hongbin Li

DOI: https://doi.org/10.1007/11599371_7

2005-01-01

Abstract:Building on the concepts and the formal definitions of self, nonself, antigen, and detector introduced in the research of network intrusion detection, the dynamic evolution models and the corresponding recursive equations of self, antigen, immune-tolerance, lifecycle of mature detectors, and immune memory are presented. Following that, an immune-based model, referred to as AIBM, for dynamic intrusion detection is developed. Simulation results show that the proposed model has several desirable features including self-learning, self-adaption and diversity, thus providing a effective solution for network intrusion detection.

段丹青,陈松乔,杨卫平

DOI: https://doi.org/10.3969/j.issn.1673-629X.2004.08.036

2004-01-01

Abstract:The concepts of Intrusion Detection System (IDS) has been introduced,and the main weaknesses in current IDS has been pointed out.In order to solve the problems in existing IDS,the artificial immunology is introduced in our network-based IDS.According to the feature of human immune system,a multi-agent network-based intrusion detection system based on artificial immunology has been proposed.The system adopts the distributed architecture based on multi-agent,employs the artificial immune mechanism including negative selection,clonal selection,gene library evolution,associative memory and so on,therefore,the system has the features of adaptability,being distributed,self-recognition and extendibility.

HUANG Jun-cai,WANG Feng-bi,LUO Xun,SHE Kun,ZHOU Ming-tian

DOI: https://doi.org/10.3969/j.issn.1001-0548.2006.01.025

2006-01-01

Abstract:The feasibility of applying artificial immune theory in intrusion detection system is Analyzed, establishes a model combining artificial immune theory and data mining technique is estoblished. Based on the statistical theory, the amount of information that is lost by splitting a data stream into unordered strings can be estimated, and this estimate can be used to guide the choice of string length. Based on information-theory, a lower bound on the size of the detector set is derived. Detector Generating algorithm is described. The performance of Artificial Immune Intrusion Detection System (AIIDS) is better than the normal intrusion detection system based on knowledge engineering.

郭建华,杨海东,邓飞其

DOI: https://doi.org/10.3724/sp.j.1087.2008.02481

2008-01-01

Journal of Computer Applications

Abstract:It is very hard to develop encryption technology used in cheap Radio Frequency Identification (RFID) tags. In this paper, intrusion detection, as a new methodology, was adopted to create security model for RFID system. By analyzing typical security attacks on RFID systems, and based on artificial immune network, a solution to extract intrusion characteristics and to identify intrusion was proposed. A self-adaptive intrusion detection model for RFID system was designed. The model can enhance the defense capabilities of RFID systems by cooperating with encryption technology, but has no need to amend the technical standards of RFID. Stimulation results prove that the mistake rate and miss rate of the model are fairly low.

Ling ZHANG,Zhong-ying BAI,Yun-long LU,Ya-xing ZHA,Zhen-wen LI

DOI: https://doi.org/10.1016/s1005-8885(14)60290-9

2014-01-01

Abstract:The author puts forward an integrated intrusion detection (ID) model based on artificial immune (IIDAI), a vaccination strategy based on the significance degree of genes and a method to generate initial memory antibodies with rough set (RS). IIDAI integrates two kinds of intrusion detection mode: misuse detection and anonymous detection. Misuse detection and anonymous detection are applied to detect the known and the unknown attacks, respectively. On the basis of IIDAI model, an ID algorithm is presented. Simulation shows that the IIDAI has better performance than traditional ID methods in feasibility and effectiveness. It is very prone to achieve a higher convergence rate by using the vaccination strategy. Moreover, RS can remove the redundancy attributes and increase the detection speed. It can also increase detection rate by applying the integrated method.

Bo Yang,Meifang Yang

DOI: https://doi.org/10.1007/s00521-020-05049-5

2020-06-15

Neural Computing and Applications

Abstract:Traditional network security detection models are trained offline using attack samples of known types. Although such models have high detection rates for known attack types, they cannot identify new attack types in the network layer. At present, these detection systems have the disadvantages of slow system construction and a high cost of model updating. Facing the increasing expansion of networks and endless attacks, these detection systems lack self-adaptability and expansibility, so it is difficult to detect complex and changeable attack events in networks. In this paper, the integrated use of immunology theory, complex adaptive system theory, and computational experiment technology is proposed to develop an Internet network layer security detection model based on an artificial immune system as an improvement over existing models of Internet network layer security. On the basis of testing knowledge, when a new type of attack is encountered, the online detection and learning process enables the dynamic extension of the network security detection model. Experimental calculations and an example analysis are presented to verify the scientific validity and feasibility of the model.

computer science, artificial intelligence

DAI Hang,ZHANG Xin-Jia,ZOU Yi-Xin

2006-01-01

Microprocessors

Abstract:By analyzing the tradition intrusion detection system,we propose the mobile agent-based intrusion detection system by introducing mobile agent theory.The system construction and working flow are devised in the paper.The result tells us IDS based on mobile agent is effective.

梁文,曹先彬,张四海,王煦法

DOI: https://doi.org/10.3969/j.issn.1000-1220.2005.01.005

2005-01-01

Abstract:Immune network intrusion system is a new approach of anomaly detection and it detects relatively infinite foreign antigens using finite detectors. Cur rent work recognizes unknown antigens by traditional evolution methods but the e xperiment result is not satisfying. This paper points that particularity of NIDS requires many detectors rather than several best ones. Inspired by affinity mut ation mechanism in the biological immune system this paper proposes an immune re cognition method, in which polymorphism is introduced. Experiments results show that this model suits NID well and has excellent ability of recognizing unknown intrusion patterns.

Uwe Aickelin,Peter Bentley,Steve Cayzer,Kim Jungwon,Julie McLeod

DOI: https://doi.org/10.1007/b12020

2008-05-16

Abstract:We present ideas about creating a next generation Intrusion Detection System based on the latest immunological theories. The central challenge with computer security is determining the difference between normal and potentially harmful activity. For half a century, developers have protected their systems by coding rules that identify and block specific events. However, the nature of current and future threats in conjunction with ever larger IT systems urgently requires the development of automated and adaptive defensive tools. A promising solution is emerging in the form of Artificial Immune Systems. The Human Immune System can detect and defend against harmful and previously unseen invaders, so can we not build a similar Intrusion Detection System for our computers.

Neural and Evolutionary Computing,Artificial Intelligence,Cryptography and Security

Chen Zhongmin,Wang Yu,Xu Baowen

DOI: https://doi.org/10.1109/wicom.2007.446

2007-01-01

Abstract:Mobile agent technology could be used to solve the problems on intrusion detection in network security area, while immune principle could supply reference to algorithm design of agent for detecting and analyzing data. In this paper, the detecting algorithm based on the immune principle, including the definition of problem domain, computation of affinity between the antibody and antigen,as well as between antibody, the generation of the detectors, has been elaborated. The algorithm of negative selection used in the agent has been improved The experimental result indicates that the algorithm is more adaptive than the original one.