基于自适应免疫计算的网络攻击检测研究

互联网与生俱来的开放性和交互性的特征,导致攻击者能利用网络的漏洞对网络进行破坏。网络攻击一般具有隐蔽性和高危害性,因此有效地检测网络攻击变得极为重要。为了解决大部分检测算法只能检测一类网络攻击且检测延迟高等问题,提出了一种基于自体集密度自动划分聚类方法的阴性选择算法,简称DAPC-NSA。该算法采用基于密度的聚类算法对自体训练数据进行预处理,对其进行聚类分析,剔除噪声并生成自体检测器；然后根据自我检测器生成非我检测器,同时利用自我检测器和非我检测器来检测异常。文中最后进行了模拟入侵检测实验,结果表明,相比于其他检测算法,该算法不仅能同时检测6种攻击,具有较高的检测率和较低的误测率,而且检测时间短,能达到实时检测的目标。

Research on Network Attack Detection Based on Self-adaptive Immune Computing

The Internet is inherently open and interactive,making the attacker use the network vulnerabilities to destroy the network.Network attacks are generally conceal and highly hazardous,so how to effectively detect network attacks becomes extremely important.In order to solve the problem that most of the detection algorithms can only detect a kind of network attack,and the detection delay is high,this paper proposed a negative selection algorithm based on density automatic partition clustering method with self-set,referred to DAPC-NSA.The algorithm uses the density clustering algorithm to preprocess the self-training data,performs cluster analysis on the training data,eliminates the noise,and generates the self-detector.And then it generates the nonself-detector according to the self-detector,and uses the self-detector and nonself-detector to detect the anomalies.The simulated intrusion detection experiment was carried out.The experiment shows that the algorithm can not only detect six kinds of attacks simultaneously,but also has the higher detection rate and the lower false alarm rate.The detection time is short compared with other detection algorithm,and it can achieve the target of real-time detection.