基于多层免疫的网络入侵检测方法研究

The artificial immune based intrusion detection technology learning from related mechanism of biological immune system attracks more attentions and is regarded as a very important and far-reaching research of network security field in domestic and foreign scholars for its excellent characteristics in hierarchy, distributivity, adaptivity, diversity, robustness, and etc. However, the low detection efficiency and high false alarm rate commonly existed in the immune based network intrusion detection technology. The lower detector generation efficiency and the higher false positive rate are the main obstacles in the current artificial immune system (AIS), which greatly hindered the applications of AIS in every filed. The pattern recognition receptors (PRR) model is an important theory which links the innate immune and adaptive immune in the biological immune system (BIS), and the validation of the PRR theory won the 2011 Nobel Prize in Physiology or Medicine. In this research, we apply the principles of AIS to the intrusion detection research, and especially construct Multi-layer Immune based network intrusion detection method and model based on the PRR theory to improve and solve the problems in the current immune-based intrusion detection technology. Concretely, this project will answer three important questions: 1) set up the multi-layer immune based network intrusion detection model, 2) explore more efficient and low false alarm detector generation method, 3) achieve the overall risk analysis of the system. Compared to the traditional network intrusion detection model, the multi-layer immune based netowrk intrusion detection (MINID) model has excellent characteristics in hierarchy, fast response, adaptivity, diversity, robustness, and etc. Therefore, this study has important significance for promoting the research in immune-based network intrusion detection technology, and has great theoretical and engineering values for establishing a new generation of active network defense architecture.

因生物免疫系统与网络入侵检测系统的极大相似性，人工免疫系统成为了构造智能入侵检测系统的研究热点之一。但是，当前基于人工免疫系统的网络入侵检测方法普遍存在检测效率过低和检测误报率过高的问题。模式识别受体模型是生物免疫系统中联系固有免疫和自适应免疫的重要理论，其成果的验证获得了2011年诺贝尔生理学或医学奖。本项研究基于模式识别受体理论，结合固有免疫和自适应免疫的原理和方法应用于网络入侵检测，特别是构造基于模式识别受体模型的多层免疫的网络入侵检测方法和模型，以改善和解决当前基于免疫的入侵检测技术所存在的问题。其间解决3个重要问题：①建立基于多层免疫的网络入侵检测模型；②探索更高效和低误报的检测器生成方法；③实现系统的整体综合风险分析。基于多层免疫的网络入侵检测模型因其具有层次性、快速响应、自适应、分布性和鲁棒性等优良特性，该项研究成果对于促进人工免疫系统在网络入侵检测方面研究具有非常重要意义。

因生物免疫系统与网络入侵检测系统的极大相似性，人工免疫系统成为了构造智能入侵检测系统的研究热点之一。但是，当前基于人工免疫系统的网络入侵检测方法普遍存在检测效率过低和检测误报率过高的问题。模式识别受体模型是生物免疫系统中联系固有免疫和自适应免疫的重要理论，其成果的验证获得了2011年诺贝尔生理学或医学奖。本项研究基于模式识别受体理论，结合固有免疫和自适应免疫的原理和方法应用于网络入侵检测，特别是构造基于模式识别受体模型的多层免疫的网络入侵检测方法和模型，以改善和解决当前基于免疫的入侵检测技术所存在的问题。其间解决了3个重要问题：①建立基于多层免疫的网络入侵检测模型；②探索更高效和低误报的检测器生成方法（二次否定选择算法，模式识别受体算法）；③实现系统的整体综合风险分析。基于多层免疫的网络入侵检测模型因其具有层次性、快速响应、自适应、分布性和鲁棒性等优良特性，该项研究成果对于促进人工免疫系统在网络入侵检测方面研究具有非常重要意义。