计算机工程与应用 ›› 2008, Vol. 44 ›› Issue (14): 113-117.

• 网络、通信、安全 • 上一篇    下一篇

一种基于危险理论的双信号免疫入侵检测模型

符海东,李 雪   

  1. 武汉科技大学 计算机科学与技术学院,武汉 430065
  • 收稿日期:2007-08-28 修回日期:2007-11-26 出版日期:2008-05-11 发布日期:2008-05-11
  • 通讯作者: 符海东

Doublesignal based immune intrusion detection model inspired by danger theory

FU Hai-dong,LI Xue   

  1. College of Computer Science & Technology,Wuhan University of Science & Technology,Wuhan 430065,China
  • Received:2007-08-28 Revised:2007-11-26 Online:2008-05-11 Published:2008-05-11
  • Contact: FU Hai-dong

摘要: 为了克服传统的“自我—非我”模型的不足,设计了一种新的基于危险理论的双信号协同入侵检测模型。依据入侵检测系统与生物免疫机制的对应关系,详细分析了模型的组成模块及处理流程。引入细胞自动机思想,提供了一种危险感知的新思路。结合产生式规则推理技术,给出了一种有效的危险域的建立方法。系统只对“危险”进行响应,提高了系统的检测效率,同时,“危险”的识别建立在抗原识别信号和协同刺激信号双重作用的基础上,有效地降低了系统的误报率。

关键词: 危险理论, 入侵检测, 免疫, 细胞自动机

Abstract: In order to overcome the limitations lied at the classic self-non-self thinking,this paper proposes a novel Intrusion Detection System(IDS) based on double-signal inspired by danger theory.The composition modules and process flow are seriously analyzed according to the corresponding relationship between IDS and HIS.A new approach is proposed to sense danger by introducing cellular Automata.An effective method to construct danger zones is given by combining with the reasoning of production rules.The detection efficiency of the system is improved due to its only response to danger signal.Meanwhile,since the danger is sensed depending on both antigen recognition signal and co-simulation signal,the rate of false alarm has been greatly reduced.

Key words: danger theory, intrusion detection, immune, cellular automata