
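Design and implementation of a real-time network risk control system based on antibody concentration
Cite this article: GAO Zhiqiang, HU Xiaoqin. Design and implementation of a real-time network risk control system based on antibody concentration[J]. Journal of Computer Applications, 2013, 33(10): 2842-2845.
Authors: GAO Zhiqiang, HU Xiaoqin
Affiliation: School of Computer Science, Sichuan University, Chengdu 610065
Funding: Supported by the National Natural Science Foundation of China
Abstract: The system applies artificial immune theory. It analyzes the real-time detection results of the traditional intrusion detection system Snort and, based on the property that antibody concentration changes dynamically with network intrusion intensity, computes the current network risk value, which reflects the various attacks the network currently faces and its overall risk status. Snort relies on rule matching to inspect packets; because the detection process does not consider the current network risk status, it raises an alert for every match, which leads to an excessively high false-positive rate. The system sets an alarm threshold and a packet-drop threshold according to the danger level of each attack to reduce Snort's false-positive rate, and, depending on the risk value, takes response measures such as pass, alert, or drop and block. Experiments show that the system can accurately compute the real-time risk faced by hosts and the network, reduce Snort's false-positive rate, and determine effective response measures according to the risk value.

Keywords: antibody concentration; risk control; artificial immune; Snort; network security risk value
Received: 2013-04-15
Revised: 2013-06-06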

Design and implementation of real-time network risk control system based on antibody concentration
GAO Zhiqiang, HU Xiaoqin. Design and implementation of real-time network risk control system based on antibody concentration[J]. Journal of Computer Applications, 2013, 33(10): 2842-2845.
Authors: GAO Zhiqiang, HU Xiaoqin
Affiliation: School of Computer Science, Sichuan University, Chengdu Sichuan 610065, China
Abstract: The system adopts artificial immune theory. By analyzing the real-time detection results of the traditional intrusion detection system Snort, and relying on the characteristic that antibody concentration changes dynamically with network intrusion intensity, it calculates the current network risk value, which reflects the various kinds of attacks and the overall risk profile. Snort relies on rule matching to inspect data packets. Its detection process does not take the current network risk into account, which results in a high false-positive rate. The system sets a pass threshold and a drop threshold according to the danger level of each attack to reduce Snort's false-alarm rate, and takes “pass, alarm, discard packet, etc.” as response measures according to the risk value. The experimental results show that the system can accurately calculate the real-time risk faced by the host and the network, reduce the false-positive rate, and take effective response measures according to the risk value.
Keywords: antibody concentration; risk control; artificial immune; Snort; network security risk value
This article is indexed in Wanfang Data and other databases.