A Denial of Service Intrusion Detection Method Based on Danger Signals
A Method for Denial of Service Intrusion Detection Based on Immune Danger Theory
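Authors: Xu Chun (许春) (School of Computer Science, Sichuan University, Chengdu 610065, Sichuan); Liu Xiaojie (刘晓洁) (School of Computer Science, Sichuan University, Chengdu 610065, Sichuan); Li Tao (李涛) (School of Computer Science, Sichuan University, Chengdu 610065, Sichuan)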
Author: (School of Computer Sci., Sichuan Univ., Chengdu 610065, China); (School of Computer Sci., Sichuan Univ., Chengdu 610065, China); (School of Computer Sci., Sichuan Univ., Chengdu 610065, China)
Received: 2007-04-23. Year, volume (issue), pages: 2007, 39(5): 116-120
Journal Name: Advanced Engineering Sciences (工程科学与技术)
Key words: immune danger theory; danger signal; denial of service intrusion; antigen apoptosis and necrosis; consanguinity classification
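Funding: National Natural Science Foundation of China (60573130; 60502011); Doctoral Program Foundation of the Ministry of Education (20030610003); Program for New Century Excellent Talents, Ministry of Education (NCET-04-0870)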
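Abstract (translated from the Chinese)
In view of the characteristics of Denial of Service (DoS) attacks, a new intrusion detection method based on immune danger theory is proposed, and the detection algorithm and the antibody mutation and evolution algorithms are designed and implemented. A consanguinity-class method is introduced to classify antigens/antibodies, the processes of antigen apoptosis and necrosis are defined, and the antigen danger signal and the network danger level are calculated quantitatively and used to detect DoS attacks. Simulation experiments show that the method not only has the self-learning and self-adaptive advantages of intrusion detection based on traditional artificial immune theory, but also lowers the false alarm rate by 87.5% and detects more efficiently.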
English Abstract
A new denial of service intrusion detection model based on the immune danger theory was presented, according to the characteristics of denial of service intrusion. The model and the antibody evolution algorithm were designed and realized. In the model, antigens/antibodies were classified by consanguinity, the processes of antigen apoptosis and necrosis were defined, and both the danger signal and the risk of the network were calculated. This model can detect denial of service intrusion by the danger signal and the risk of the network. The results of the experiment showed that the method can not only keep the advantages of self-learning and self-adaptation of intrusion detection based on traditional artificial immune theory, but also decrease the false positive rate by 87.5%.