Negative selection intrusion detection method based on variable self-body radius

Abstract

The invention discloses a negative selection intrusion detection method based on the variable self-body radius, and the method is mainly used for solving the problem of poor detection effect because the self-body space formed by setting a fixed autologous radius can not be better covered in the traditional method. The negative selection intrusion detection method is implemented through the following steps: 1) pretreating a KDD (Knowledge Discovery In Database) 99data set; 2) selecting parts of normal data from the data set to serve as an self-body so as to form a self-body set; 3) randomly generating a foreign body, and setting the variable self-body radius for all self-bodies by utilizing a distance characteristic between the self-body and the generated foreign body; (4) training a detector set D; and (5) detecting the test data by use of the detector set D so as to judge whether the test data is normal or abnormal. The negative selection intrusion detection method based on the variable self-body radius has the advantages of high positive detection rate and low misinformation rate, the effect of the negative selection intrusion detection method can be effectively improved under the condition that the self-body data amount is small, the negative selection intrusion detection method is used for identifying the abnormal network data, and ensuring the network safety.

Description

technical field [0001] The invention belongs to the field of network technology, relates to network security, and is also the application of an artificial immune system in the field of network security. Specifically, it is an intrusion detection method based on negative selection with variable self-radius, which can be used for network data analysis and timely identification Whether the network communication status is abnormal. Background technique [0002] With the advent of the information age, e-commerce, e-government and the Internet are widely used in people's daily life, and human beings have entered the information society. However, when various fields benefit from the rapidly expanding amount of information, open resources, and shared information between networks, the security of system data is bound to be seriously threatened. Today, our commonly used security technologies mainly include firewalls, anti-virus software, user authentication, encryption technology, an...

AI Technical Summary

Problems solved by technology

[0007] In engineering applications, in order to detect abnormal behavior more effectively, the expectation of the negative selection algorithm is mainly to allow the detector set generated outside the self-region to cover as much of the heterogeneous space as possible in order to improve the accuracy of detection. However, the fixed The self-region covered by the self-set of the radius cannot express the self-space well, so that the detector set generated by NSA cannot cover the heterogeneous space well, resulting in poor detection effect when NSA is used for network intrusion detection. , that is, the problem with a low positive detection rate and a high false positive rate

Images