Journal of Xidian University ›› 2016, Vol. 43 ›› Issue (2): 126-131. doi: 10.3969/j.issn.1001-2400.2016.02.022

• Research Paper •

Intrusion detection design of the improved immune algorithm

WEI Mingjun; WANG Yueyue; JIN Jianguo

  1. (College of Information Engineering, North China Univ. of Science and Technology, Tangshan 063009, China)
  • Received: 2014-11-04 Online: 2016-04-20 Published: 2016-05-27
  • Contact: WEI Mingjun
  • About the author: WEI Mingjun (1969-), male, professor, E-mail: weimj@ncst.edu.cn.
  • Supported by:

    Natural Science Foundation of Hebei Province (F2014209108); Science and Technology Program of Hebei Province (13210706)

Abstract:

To improve the detection efficiency of intrusion detection and reduce the false alarm rate, a multi-colony clonal selection algorithm is proposed on the basis of the multi-colony immune algorithm and the clonal selection algorithm. The matching rule is improved for this algorithm, and the 10% sample of the KDDCUP99 data set is used for the simulation experiments. Each record in the data set has 41 fixed attributes; the nine attributes based on the basic features of a single TCP connection are selected for study. According to the characteristics of the data set and in combination with the multi-colony clonal selection algorithm, the encoded and de-duplicated data of four attack types are used as the initial populations of the algorithm for immune operations, and the optimal group is output. Based on the principle that normal data far outnumber abnormal data, the test data set, which mixes the four attack types, is filtered through the self set, and the filtered data are then matched against the optimal group. Experimental results show that the method can effectively identify abnormal data. Comparative analysis shows that the multi-colony clonal selection algorithm and the improved matching rule can improve the detection rate of intrusion detection.

Key words: intrusion detection, immune system, multi-colony clonal selection algorithm, matching, attributes
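The pipeline the abstract describes (one clonal-selection run per attack-type population, a self-set filter, then matching against the optimal groups), as an added example that is not the authors' code. The abstract does not give the encoding, the affinity measure or the improved matching rule, so the integer encoding, the attribute-agreement count used for matching, the threshold, the attack-category labels and all records below are assumptions constructed for illustration.

```python
import random

# Assumption: each record holds the 9 basic TCP-connection attributes of KDD Cup 99
# (duration, protocol_type, service, flag, src_bytes, dst_bytes, land,
# wrong_fragment, urgent), already encoded as small integers. All data is constructed.
SELF = {(0, 1, 5, 1, 2, 3, 0, 0, 0), (0, 1, 5, 1, 3, 3, 0, 0, 0)}
TRAIN = {  # labels follow the four KDD Cup 99 attack categories (not named on the page)
    "dos":   [(0, 3, 9, 1, 4, 0, 0, 0, 0), (0, 3, 9, 1, 5, 0, 0, 0, 0), (0, 3, 9, 1, 4, 0, 0, 0, 0)],
    "probe": [(0, 1, 7, 2, 0, 0, 0, 0, 0), (0, 2, 7, 2, 0, 0, 0, 0, 0)],
    "r2l":   [(2, 1, 4, 1, 1, 2, 0, 0, 0), (3, 1, 4, 1, 1, 2, 0, 0, 0)],
    "u2r":   [(5, 1, 6, 1, 1, 4, 0, 0, 1), (5, 1, 6, 1, 1, 5, 0, 0, 1)],
}

def affinity(a, b):
    """Stand-in matching rule: number of attributes on which two records agree."""
    return sum(x == y for x, y in zip(a, b))

def fitness(antibody, population):
    return sum(affinity(antibody, r) for r in population)

def clonal_selection(population, generations=20, clones=4, keep=2, rng=None):
    """Evolve one attack-type population; return its `keep` fittest antibodies."""
    rng = rng or random.Random(0)
    pool = sorted(set(population))              # de-duplicated initial population
    for _ in range(generations):
        for i, parent in enumerate(pool):
            best = parent
            for _ in range(clones):             # clone, then mutate one attribute
                pos = rng.randrange(len(parent))
                donor = rng.choice(population)  # value taken from the same population
                clone = parent[:pos] + (donor[pos],) + parent[pos + 1:]
                if fitness(clone, population) > fitness(best, population):
                    best = clone
            pool[i] = best                      # replaced only on strict improvement
    return sorted(set(pool), key=lambda a: -fitness(a, population))[:keep]

def train(train_sets):
    return {label: clonal_selection(recs) for label, recs in train_sets.items()}

def classify(record, detectors, self_set=SELF, threshold=7):
    if record in self_set:                      # self-set filter runs first
        return "normal"
    label, score = max(((l, max(affinity(record, a) for a in g))
                        for l, g in detectors.items()), key=lambda t: t[1])
    return label if score >= threshold else "unknown"
```

Filtering against the self set before matching means the antibody comparison only runs on the minority of records that are not known-normal, which is the ordering the abstract motivates with normal data far outnumbering abnormal data.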

CLC Number:

  • TP393