
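Antibody Generation and Detection Component of an Immune-Based Network Intrusion Detection System
Cite this article:YAN Qiao, JIANG Yong, WU Jian-Ping. Antibody Generation and Detection Component of an Immune-Based Network Intrusion Detection System[J]. Chinese Journal of Computers, 2005, 28(10): 1601-1607.
Authors:YAN Qiao  JIANG Yong  WU Jian-Ping
Affiliation:[1] Graduate School at Shenzhen, Tsinghua University, Shenzhen 518055 [2] Department of Computer Science and Technology, Tsinghua University, Beijing 100084
Funding:This work was supported by the National "973" Key Basic Research Development Program of China (2003CB314805), the China Postdoctoral Science Foundation (20040350027), and the Natural Science Foundation of Guangdong Province (34308).
Abstract:This paper presents the antibody generation and detection component of an immune-based network intrusion detection system designed and implemented by the authors. In implementing this component, the authors draw an analogy with the two types of adaptive immunity in the natural immune system and propose the concepts of passive immune antibodies and automatic immune antibodies, the latter comprising memory automatic immune antibodies and fuzzy automatic immune antibodies. The component combines a fuzzy inference system with statistical methods to improve the performance of the intrusion detection system. The paper also presents test experiments on the immune-based network intrusion detection system using collected network packets and the DARPA 1999 intrusion detection evaluation data. Comparison with the SNORT system and with the DARPA detection results proves that the immune-based network intrusion detection system using the antibody generation and detection component achieves a satisfactory detection rate for both known and unknown attacks.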

Keywords:network security  intrusion detection  artificial immunity  passive immune antibody  automatic immune antibody
Received:2004-03-09
Revised:2004-03-092005-07-15

Antibody Generation and Antigen Detection Component in Immune-Based Network Intrusion Detection System
YAN Qiao, JIANG Yong, WU Jian-Ping. Antibody Generation and Antigen Detection Component in Immune-Based Network Intrusion Detection System[J]. Chinese Journal of Computers, 2005, 28(10): 1601-1607.
Authors:YAN Qiao  JIANG Yong  WU Jian-Ping
Affiliation:1 Graduate School at Shenzhen, Tsinghua University, Shenzhen 518055; 2 Department of Computer Science and Technology, Tsinghua University, Beijing 100084
Abstract:The authors design and develop an immune-based network intrusion detection system, AINIDS, which includes a data collector component, a packet header parser and feature extraction component, an antibody generation and antigen detection component, a co-stimulation and report component, and a rule optimization component. The antibody generation and antigen detection component is the key module of AINIDS. In this component, passive immune antibodies and automatic immune antibodies, the latter including memory automatic immune antibodies and fuzzy automatic immune antibodies, are proposed by analogy with the natural immune system. The passive immune antibodies inherit available rules and can detect known intrusions rapidly. The automatic immune antibodies integrate statistical methods with a fuzzy reasoning system to improve detection performance and can discover novel attacks. AINIDS is tested with data collected from LANs and with data from the 1999 DARPA intrusion detection evaluation data sets. Both experiments prove that AINIDS, which includes the antibody generation and antigen detection component, has a good detection rate for old and new attacks.
Keywords:network security  intrusion detection  artificial immune  passive immune antibody  automatic immune antibody
This article has been indexed by CNKI, VIP, Wanfang Data and other databases.