Improved immune network abnormal behavior detection method

Abstract

The invention discloses an improved immune network abnormal behavior detection method. The method comprises four stages of autologous library data extraction, antigen presentation, abnormal behavior detection and clonal selection, wherein a single-category autologous data generation model based on deep belief network is adopted in the autologous library data extraction and antigen presentation; the deep belief network is formed by stacking restricted Boltzmann machines RBM; the RBM is a neural network; a method combining congenital immunity and adaptive immunity is adopted in the abnormal behavior detection; and a clonal variation method based on a generation network is adopted in the clonal selection. According to the improved immune network abnormal behavior detection method disclosed bythe invention, the deep learning model and method are introduced into a computer immune network anomaly detection model to improve the quality and efficiency of the model training, no matter the detection efficiency and the accuracy are greatly improved, and meanwhile, the defect that the traditional method is random or a large number of invalid calculations caused by cross variation are overcomeat the same time.

Description

technical field [0001] The invention relates to the field of digital networks, in particular to an improved immune network abnormal behavior detection method. Background technique [0002] The network has become an indispensable part of people's daily life. At the same time, the number of attacks on the network is increasing rapidly, and the means of attack are complex and changeable. For the network and network users, network security is an unavoidable problem, and an inadvertent negligence may cause irreparable losses to network users. Therefore, the demand for network security defense becomes more and more urgent. [0003] The existing network security technical means mainly include firewall and intrusion detection system. A firewall is a passive security technology that limits network users and permissions by setting network access rules, but the firewall cannot effectively monitor legitimate users. Intrusion detection technology is an effective supplement to firewall...

AI Technical Summary

Problems solved by technology

For the network and network users, the problem of network security is an unavoidable problem, and an inadvertent negligence may cause irreparable losses to network users

The advantage of this method is that the detection accuracy is high, but this method has the following defects: First, there is a lag in the detection, and it is impossible to detect new unknown attacks. second, as the number of features in the signature database increases, the detection rate of this method decreases linearly; third, based on information confidentiality reasons, more and more Internet applications use encryption technology, resulting in rule-based detection methods It is increasingly unable to adapt to the current technological development; fourth, with the improvement of hacker technology, the concealment of network attacks is becoming stronger and stronger, and it is difficult to discover the displayed attack characteristics in specific data packets, resulting in rule-based intrusion detection. The system is abandoned by more and more users

[0007] 1) The construction of the autologous library is complex and huge, each piece of data contains a large number of fields, and the cost of system training is high; in the stage of system antigen presentation, only simple data standardization is performed on the original data, and the generated antigen cells contain a large number of redundant fields. The remaining information and invalid information lead to a large delay in data analysis;

[0008] 2) Existing immune methods focus on the adaptive immunity of immunity and ignore the innate immunity of immunity, resulting in the system still adopting an adaptive method for training and recognition of known attacks, which takes a long time for training and low efficiency;

[0009] 3) When the generated detectors detect an attack, random or cross-mutation methods are used to generate detectors to improve the diversity of detection, but a large number of detectors generated by random mutations are invalid detectors, resulting in invalid calculations and greatly Delays the training of the immune system;

[0010] 4) With the rise of cloud computing, Internet of Things and Internet+, how to quickly detect intrusions in massive data poses a challenge to the efficiency and effectiveness of artificial immune algorithms

Images