Analogue biological immunological mechanism invasion detecting method

Abstract

The invention is in use for intelligentized analyzing data source collected in intrusion detection system. The invention includes methods of anomaly detection under host condition and network condition. The method includes following steps: first obtaining data source to be detected including host audit data and data of network data packet, characters of which are formatted as binary element string character string in length L; then, based on data source under normal condition, set of tester is generated; finally, using the set of tester carries out anomaly detection for real data. Based on host audit data and data of network data packet, the invention implements overall process: data acquisition, feature extraction and intrusion detection. Features are: system in distributed, lightweight level, and having fine characteristics of biological immune system: self-organization, diversity and self-adapting.

Description

technical field

[0001] The invention is a computer security solution similar to biological immune mechanism. This solution is mainly used to solve the intelligent analysis of collected data in the intrusion detection system, including the analysis and processing method of host audit data and network data packets, which belongs to the cross-technical field of computer software security technology and artificial intelligence technology. Background technique

[0002] Computer system security has always been the focus of computer experts. The traditional computer security protection system relies on three prerequisites: (1), there must be a completely correct system implementation strategy; (2), the correct implementation of the system under the guidance of this implementation strategy; (3), the system must must be properly configured. These premises are completely correct in theory, but it is almost impossible in the actual application process, and no one can guarantee that a...

Images