改进复合免疫算法的大规模网络入侵攻击检测
Large-Scale Network Intrusion Detection Based on Improved Complex Immune Algorithm
要丽娟 1武喆2
作者信息
- 1. 太原学院计算机科学与技术系,山西 太原 030032
- 2. 山西农业大学,山西 晋中 030801
- 折叠
摘要
为提高入侵攻击检测效果以应对多种网络攻击,提出一种改进复合免疫算法的大规模网络入侵攻击检测方法.通过对自我和非我的区分匹配,描述网络入侵攻击检测问题,凭借模糊算法规则明确免疫机制界限.将遗传算法带入否定选择法中,令任意染色体可描述为模糊规则中的部分限定,设定惩罚系数限制规则覆盖正常样本的概率,令检测器选择过程简单化.选用二进制编码和汉明距离计算抗体与抗原间亲和度,得出二者在大规模网络内的浓度,最后基于检测器数据集与网络数据对比,若匹配则存在入侵攻击,根据对比结果记录抗体并报警.实验结果表明,所提方法能够提高检测精度和效率,具有极佳的适用性和应用价值.
Abstract
In order to improve the effect of intrusion detection,a method of detecting large-scale network intrusion was put forward based on improved compound immune algorithm.At first,the problem about network intrusion detec-tion was described by self-differentiation and non-self differentiation,and then the boundary of immune mechanism was defined by fuzzy rules.Moreover,the genetic algorithm was introduced into the negative selection algorithm,so that any chromosome can be described as a partial restriction in fuzzy rules.Meanwhile,the limit rules for penalty co-efficients were set to cover the probability of normal samples,thus simplifying the selection process of detector.Fur-thermore,binary coding and Hamming distance were used to calculate the affinity between antibody and antigen,thus obtaining the concentration of the two in the large-scale network.Finally,based on the comparison between the detec-tor dataset and network data,if it matches,there is an intrusion attack.Antibodies are recorded and an alarm is trig-gered based on the comparison results.The experimental results show that the proposed method can improve the de-tection accuracy and efficiency,and has good applicability and application prospects.
关键词
入侵攻击检测/否定选择/复合免疫算法/匹配阈值Key words
Intrusion detection/Negative choice/Compound immune algorithm/Matching threshold引用本文复制引用
基金项目
2022年全国高等院校计算机基础教育教学研究项目(2022-AFCEC-126)
出版年
2024
NETL
NSTL
万方数据