
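An Intrusion Detection Method Based on Immune Principles and Rough Set Theory
Cite this article: JIANG Shi-zhong, YANG Jin, ZHANG Ying. An Intrusion Detection Method Based on Immune Principles and Rough Set Theory[J]. Journal of Computer Applications, 2006, 26(5): 1077-1080
Authors: JIANG Shi-zhong  YANG Jin  ZHANG Ying
Affiliation: Department of Computer Science, Guangdong Pharmaceutical University, Guangzhou, Guangdong 510006; Department of Computer Science, Guangdong Pharmaceutical University, Guangzhou, Guangdong 510006; Department of Computer Science, Guangdong Pharmaceutical University, Guangzhou, Guangdong 510006
Abstract: To address the problems in current intrusion detection methods based on process system calls, an intrusion detection method based on immune principles and rough set theory is proposed. After replacing the circular (loop) sequences in the system call sequences, the method uses rough set theory to extract a simple, minimal predictive rule model. It also incorporates mechanisms from immune principles, adding a fast detection engine for known intrusions to the detection model. Compared with other methods, this method does not require complete process system call data, and the rules it produces are simple, which makes it better suited to real-time detection. Experimental results show that its detection performance is better than that of other methods of the same kind.

Keywords: intrusion detection  rough set theory  immune principles  system call  circular sequence  rule  fast detection
Article ID: 1001-9081(2006)05-1077-04
Received: 2005-11-10
Revised: 2005-11-10, 2006-01-10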

An Intrusion Detection Model Based on Immune and Rough Sets Theory
JIANG Shi-zhong,YANG Jin,ZHANG Ying. An Intrusion Detection Model Based on Immune and Rough Sets Theory[J]. Journal of Computer Applications, 2006, 26(5): 1077-1080
Authors:JIANG Shi-zhong  YANG Jin  ZHANG Ying
Affiliation: Department of Computer, Guangdong Pharmaceutical University, Guangzhou, Guangdong 510006, China
Abstract: Intrusion detection systems have become a research hotspot because they can provide dynamic protection for computer systems. Aiming at the problems that exist in current methods and models of intrusion detection, an effective method for intrusion detection based on immune theory and rough sets theory is presented in this paper. The circular sequences in the system call sequences generated during the normal execution of a process are replaced by the circular body; then a small amount of data is extracted from the normal system call sequences and transformed into a decision table; afterward, the decision table is reduced, and the simplest rules that represent the normal behavior mode are extracted from the reduct by rough sets theory. These rules can be used to detect anomalous behavior. To realize quick detection of known intrusions, a quick detection engine inspired by immune system theory is also presented. Compared with other methods in the literature, the method presented in this paper is not only able to extract a set of effective detection rules of minimum size from a partial record of system call sequences, but can also detect known intrusions quickly. Experiments show that the method is better than other methods based on system calls.
Keywords:intrusion detection  rough sets theory  immune theory  system call  circular sequence  rule  quick detection
This article is indexed in CNKI, VIP, Wanfang Data and other databases.