Journal of Xidian University ›› 2016, Vol. 43 ›› Issue (2): 126-131.doi: 10.3969/j.issn.1001-2400.2016.02.022

Previous Articles     Next Articles

Intrusion detection design of the impoved immune algorithm

WEI Mingjun;WANG Yueyue;JIN Jianguo   

  1. (College of Information Engineering, North China Univ. of Science and Technology, Tangshan  063009, China)
  • Received:2014-11-04 Online:2016-04-20 Published:2016-05-27
  • Contact: WEI Mingjun E-mail:weimj@ncst.edu.cn

Abstract:

In order to improve the detection efficiency of intrusion detection and reduce the rate of misstatement, on the basis of the multi-colony immune algorithm and clonal selection algorithm, the multi-colony clonal selection algorithm is put forward, the matching rule is improved and the 10% sampling data of KDDCUP99 data set is adopted as the test data of the simulation test. Each record has 41 fixed properties. Nine attributes based on the basic features of a single TCP connection are selected for study. According to the characteristics of the data set, in combination with the multi-colony clonal selection algorithm, four types of attack data which are encoded and de-weighed are regarded as the initial populations of multi-colony clonal selection algorithm for immune operation. Then, the optimal group is output. Based on the principle that normal data is greater than abnormal data, the test data set need to be filtered by the self-data set. The filtered data match the optimal group. Experimental results show that abnormal data can be effectively identified. Through comparison and analysis, the multi-colony clonal selection algorithm and the improved matching rule can improve the detection rate of intrusion detection.

Key words: intrusion detection, immune system, multi-colony clonal selection algorithm, matching, attributes

CLC Number: 

  • TP393