一种基于人工免疫理论的新型入侵检测模型

文章提出了一种基于免疫的新型入侵检测模型,给出了自体、非自体、免疫细胞的定义,建立了由记忆细胞,成熟细胞,未成熟细胞集合构成的入侵检测模型。并对模型进行了仿真,就模型中的几个重要参数进行了分析。实验表明这种新型的入侵检测的模型具有很好的自适应性和多样性。     

一种基于克隆选择的入侵检测算法

提出了一种基于克隆选择的入侵检测算法,包括整体模块以及耐受、记忆细胞检测、成熟细胞检测模块。算法能够动态地自适应地定义自体,可以根据环境的变化,来调整自体集合的大小,只保证一段时间内被认为是正常行为的自体存在,从而在时空复杂度上都可以大大改善入侵检测系统,更好地适应了真实环境。     

一种基于免疫学原理的入侵检测模型

通过对基于免疫原理的入侵检测相关技术的深入研究,提出了一个判断随机模式是否有漏洞的算法.对记忆检测器的冗余问题,借鉴免疫系统的变异原理,对记忆检测器集合进行了优化.在以上研究的基础上设计了一个新的入侵检测系统模型,模型中引入了检测器的亲和力成熟过程、记忆检测器变异以及非完全匹配规则,该模型具有分布性、自适应性以及轻负荷等优点.     

疫苗独立机制的免疫入侵检测器模型研究

该模型将疫苗模块以独立的形式引入到免疫检测器模型中,通过信号控制疫苗接种模块与疫苗抽取模块的运作,对已有抗体的检测器中的记忆检测器集合动态提取成熟疫苗,注入需要接种检测器的成熟检测器集合中,使得不同检测器在运作过程中以疫苗作为媒介相互通信,随时共享抗体（检测器）,这样增加了检测器的灵活性。通过MATLBE仿真实验,对加入疫苗独立机制的检测器进行网络数据检测。结果显示,基于疫苗独立机制的免疫入侵检测器模型响应更快,检测率TP更高,误检率FP较低,证明该模型有更好的综合检测性能。     

一种基于协议分析和免疫原理的入侵检测模型

通过对协议分析技术和免疫系统的理论分析,提出了一种基于协议分析和免疫原理的入侵检测模型。该模型对自我集按协议类型分类,并生成相应的成熟检测器模块。在实际检测中,待检模式按协议类型与相应的成熟检测器模块匹配,从而能有效地提高检测速度,改进了以往模型在这方面的不足。     

基于Snort的混合入侵检测系统的研究与实现

在分析研究snon系统的优缺点的基础上,利用其开源性和支持插件的优势,针对其对无法检测到新出现的入侵行为、漏报率较高以及检测速度较低等问题,在snon系统的基础上结合入侵检测中的数据挖掘技术,提出一种基于snort系统的混合入侵检测系统模型。该系统模型在snort系统原有系统模型基础上增加了正常行为模式构建模块、异常检测模块、分类器模块、规则动态生成模块等扩展功能模块。改进后的混合入侵检测系统能够实时更新系统的检测规则库,进而检测到新的入侵攻击行为;同时,改进后的混合入侵检测系统具有误用检测和异常检测的功能,从而提高检测系统检测效率。     

一种基于免疫的入侵检测关联报警模型

在入侵检测系统Snort的基础上,结合网络实时危险评估技术,提出了一种基于免疫的网络入侵检测报警模型SAIM。给出了网络环境下记忆细胞的表示方法,以及记忆细胞实时危险计算过程,建立了主机分类及总体实时危险计算方程,在此基础上给出了网络入侵检测报警模型。理论分析和试验结果均表明,SAIM模型能有效进行关联报警,提高报警质量。     

基于粗糙集与生物免疫的入侵检测模型研究

该文将粗糙集理论与生物免疫相结合,提出一种基于粗糙集与生物免疫的入侵检测模型。该模型由规则库、数据处理模块、检测器及报警处理模块等组成。与传统入侵检测模型相比,该入侵模型借用了粗糙集和生物免疫的优势,实现了误用入侵与异常入侵的同时检测,对免疫细胞的产生有针对性,且具有整体协作性、动态适应性的特点,是一种能够适应复杂网络环境的入侵检测模型。     

用于网络入侵检测的免疫学习子系统

网络入侵检测当前面临的主要问题是如何迅速有效地检测出未知模式的入侵．借鉴生物免疫系统中的自进化学习机制，我们设计了一种免疫算法，该算法以生物免疫的自我非我识别为基础，并进一步引入免疫学习机制以提高算法对入侵模式识别的效率和正确率．算法由四个紧密联系的模块组成：基因库进化模块、亲和度变异模块、非我选择模块和免疫记忆模块，四者形成一个有机的整体．本文介绍了免疫算法的具体细节，并完成了相应的验证实验．实验表明该算法具有较好的识别未知模式的能力．     

基于免疫和模糊综合评判的入侵检测模型研究

应用人体免疫系统的特异性免疫的分类，设计了一个入侵检测模型，将入侵检测模块分为固有检测模块和适应性检测模块。固有检测模块考虑继承目前已有的知识；适应性检测模块针对目前异常检测算法难以确定评判正常和异常的阈值以及检测特征数量多难以综合评判的问题，提出了一种具体的异常检测算法——FLADA。该算法借鉴了模糊数学的理论，采用模糊综合评判和层次分析法相结合。实验证明，该方法不仅能准确地检测出已知攻击，还能较好地检测出未知攻击。     

结合先天和适应性免疫的蠕虫检测免疫模型

现有的蠕虫检测方法大多通过关闭不安全的端口,切断感染主机与未感染主机之间通信等方法延缓蠕虫传播而达到将损害减少到最低程度的目的.实际上在实施这些方法时往往有许多障碍需要克服,其中的最大障碍就是存在错误检测率高的问题.现将免疫危险理论中的DCs(树突状细胞,Dendritic Cells)-T细胞协同机制用于蠕虫检测,其中DCs属于先天免疫系统细胞,T细胞属于适应性免疫系统细胞.本模型将蠕虫进程触发的系统调用序列当作抗原,将感染蠕虫导致的主机和网络异常当作危险信号.在该模型中,DCs负责危险信号的收集检测并提呈与该危险信号关联的抗原给T细胞检测器进行抗原结构检测.理论分析说明,这样的双重检测方法可以降低伪肯定率和伪否定率,并且记忆T细胞检测器的采用能使系统对类似蠕虫的再次感染反应更加迅速.     

Information fusion for anomaly detection with the dendritic cell algorithm

Dendritic cells are antigen presenting cells that provide a vital link between the innate and adaptive immune system, providing the initial detection of pathogenic invaders. Research into this family of cells has revealed that they perform information fusion which directs immune responses. We have derived a dendritic cell algorithm based on the functionality of these cells, by modelling the biological signals and differentiation pathways to build a control mechanism for an artificial immune system. We present algorithmic details in addition to experimental results, when the algorithm was applied to anomaly detection for the detection of port scans. The results show the dendritic cell algorithm is successful at detecting port scans.     

树突细胞算法的运行时间属性分析

第二代人工免疫系统中的树突细胞算法(DCA)是受先天性免疫系统中树突细胞(DCs)功能的启发而开发的算法,它已被成功运用于许多计算机安全相关领域。但是对DCA理论方面的分析工作很少,对算法大多数理论方面的研究也较少出现。而其它的人工免疫算法如负选择算法、克隆选择算法在理论方面的研究工作却出现在很多文献中。因此对DCA算法执行相似的理论分析,确定算法的运行时间变量、揭示其它算法属性就显得非常重要。论文给出了两个基于算法输入数据流的运行时间变量,并且证明了这两个变量是如何对算法输入数据与算法运行时变量进行关联,也揭示了在给定时间窗内基于输入数据的算法行为,而这些都与实际应用执行的算法无关。论文的研究工作为算法的进一步应用开发提供了指导。     

Automated White Blood Cell Disease Recognition Using Lightweight Deep Learning

White blood cells (WBC) are immune system cells, which is why they are also known as immune cells. They protect the human body from a variety of dangerous diseases and outside invaders. The majority of WBCs come from red bone marrow, although some come from other important organs in the body. Because manual diagnosis of blood disorders is difficult, it is necessary to design a computerized technique. Researchers have introduced various automated strategies in recent years, but they still face several obstacles, such as imbalanced datasets, incorrect feature selection, and incorrect deep model selection. We proposed an automated deep learning approach for classifying white blood disorders in this paper. The data augmentation approach is initially used to increase the size of a dataset. Then, a Darknet-53 pre-trained deep learning model is used and fine-tuned according to the nature of the chosen dataset. On the fine-tuned model, transfer learning is used, and features engineering is done on the global average pooling layer. The retrieved characteristics are subsequently improved with a specified number of iterations using a hybrid reformed binary grey wolf optimization technique. Following that, machine learning classifiers are used to classify the selected best features for final classification. The experiment was carried out using a dataset of increased blood diseases imaging and resulted in an improved accuracy of over 99%.     

人工免疫分类器记忆细胞分布比较研究

人工免疫网络记忆分类器和人工免疫识别系统是两种人工免疫分类方法。二者的免疫系统原理有所差别,前者改进后的性能优于后者。本文对二者产生的记忆细胞分布进行比较研究,指出二者在分类性能上的差别来自记忆细胞分布。二者记忆细胞的分布都近似正态分布,但前者的产生高质量记忆细胞的概率高于后者。     

基于改进CS模型的免疫系统应答仿真

对基于细胞自动机理论的Celada Seida(CS)模型进行改进,仿真免疫系统应答。该模型能够对免疫系统中细胞和分子之间的相互作用进行仿真。模型在空间和时间上都是离散的,并可以模拟单个免疫细胞。给出了模拟免疫应答的具体仿真步骤,对原模型进行了简化,给出实验的结果。目的是通过该模型的研究,证明免疫系统模型是有用的,因为它们揭示了免疫系统有用的性能,进而可以用于研究解决生物学以外的工程问题的方法。     

An immune system model for the generation of self-tolerance and memory

To explain systematically the microscopic origins of two quite different response behaviors, immunological tolerance and the memory of the immune system, we proposed a model of the immune system in which we introduce a quantity “chronicity” which represents quantitatively the frequency of interaction of each immune cell with antigens. When the magnitude of the chronicity of an immune cell is too high or too low, the cell does not respond to the antigens. The cell may attack an antigen only when the magnitude of its chronicity is within a certain range. The activity of the system is also controlled by two kinds of cytokines, a positive cytokine which activates immune cells, and a negative cytokine which reduces the activity of immune cells. The system consists of immune cells, antigens, positive cytokines, and negative cytokines. The generation and destruction of these elements and the interactions between them are considered based on a cellular automations model. The model provides a unified view of the mechanism by which tolerance and memory are generated. This work was presented, in part, at the Fourth International Symposium on Artificial Life and Robotics, Oita, Japan, January 19–22, 1999     

On the modelling of genetic mutations and immune system competition

This paper deals with the modelling of genetic mutations, which occur in almost all cells of a living system. The mutated cells display different stages of cancer progression and are contrasted by the action of the immune system cells. This investigation can be of interest in the evolutionary dynamics of cellular systems since the selective pressure on the mutated cells exerted by the immune system is analyzed. The proposed mathematical model is developed by means of the tools of the kinetic theory of active particles. Numerical simulations, obtained considering different values of the parameters in the model, show different emerging behaviors that are typical of the cancer-immune system competition.     

Tri-tier Immune System in Anti-virus and Software Fault Diagnosis of Mobile Immune Robot Based on Normal Model

In this paper, anti-virus problem and software fault diagnosis of mobile robot, an immune robot, is discussed with proposal of a novel tri-tier immune system (TTIS). TTIS is a novel artificial immune system, which is comprised of three computing tiers and based on the normal model. The three tiers include inherent immune tier, adaptive immune tier and parallel immune tier. The tri-tier immune model is built on some theories of human immune system and has many good features, such as adaptability, immunity, memory, learning, and robustness. At the same time, for such immune robot, a novel normal model for the robot software is also proposed. The normal model is built on the space–time properties of each component in the robot software and can uniquely identify the normal state of the robot software. Such tri-tier immune system based on the normal model is suitable for anti-virus and fault diagnosis, which enable the immune robot to detect all viruses and faults in the robot software, recognize many viruses and faults, eliminate the viruses and faults, and repair the damaged robot software to its normal state. Meanwhile, simulation results show that the tri-tier immune system has the properties of immunity, security and robustness.