The Research and Implementation of Artificial Immune-based Intrusion Detection System
【Author】 Liang Kexin;
【Advisor】 Li Tao;
【Author information】 Sichuan University, Computer Software and Theory, 2005, Master's
【Abstract】 Nowadays, the Internet has been developing rapidly. However, attacks launched by hackers are becoming more frequent and the techniques they use more sophisticated, which puts network security under severe pressure. Existing protection techniques perform poorly against sophisticated attacks, especially intrusions that have never occurred before, because they lack adaptability and dynamics. Researchers working on network security have increasingly applied mechanisms derived from the biological immune system to IDS because of their adaptability and dynamics, and some significant successes have been achieved. However, defining normal and abnormal activities only once leaves these immune-based IDSs unable to adapt to a real network environment. Moreover, the lack of quantitative descriptions in some immune-based intrusion detection models makes them difficult to apply in engineering practice. The main work done in this paper is as follows: a new immune-based dynamic intrusion detection model is proposed; a dynamic description method for self and antigen is established; the concept of lymphocyte dynamic immune tolerance is proposed; and dynamic models, with the corresponding recursive equations, are presented for the lifecycle of mature lymphocytes and for immune memory. The problem of dynamically describing self and nonself in computer immune systems is solved, and the inefficient production of mature lymphocytes in traditional computer immune systems is effectively overcome. Simulations of the model are carried out, and the comparative experiment results show that the proposed intrusion detection model has better adaptability than the traditional methods. The last chapter discusses the proposed model and describes the expected future work.
Specifically, the contributions of the paper include: analyzing the research status of computer security techniques at home and abroad in terms of theory development and application products; analyzing the intrusion detection techniques currently in use and summarizing their drawbacks; comparing traditional intrusion detection techniques with immune-based intrusion detection techniques, and discussing the immune-based intrusion detection techniques; proposing an artificial immune-based dynamic intrusion detection method; introducing the theoretical principles of immune-based dynamic intrusion detection; giving quantitative descriptions of the theory; building the structural model and designing the system for immune-based dynamic intrusion detection; simulating the dynamic intrusion detection system and comparing it with other immune-based intrusion detection techniques, which verifies its advantages in detection effect and efficiency; solving the problem of dynamically describing self and nonself in computer immune systems, and overcoming the inefficient production of mature lymphocytes in traditional computer immune systems; and looking ahead to the development of the immune-based dynamic intrusion detection method and proposing feasible directions for future work.
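- 【Online publication contributor】 Sichuan University 【Online publication year and issue】 2005, Issue 08
- 【Classification number】 TP393.08
- 【Citation count】 8
- 【Download count】 357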