| The content of this article is base on the artificial immune model of intrusion detection. We developed an IDS based on the artificial immune model. In this model,there exists one primary IDS (It is in charge of rule generating.) and several secondary IDS (They receive the rule form primary IDS and detect the intrusion.). This article set the focus on the primary IDS,and try to make the rule set of the primary IDS.For the exists of false alarm and trying to release the system burden,and for the exist of what we call base-rate fallacy,we try to construct a security adaptation system for the primary IDS. The primary IDS decide the criticality of the network environment,and give the order on switch the detection policy to the secondary IDS.We have a full discussion on the construction and the option of the adaptation space. An adaptation space consists of a condition space and a tactic space. In this paper there is an analysis on the character and relationship between the two kind of spaces. And in the next part,we use the method to construct a real system,with the analysis of several real intrusion mode.We think it impossible to construct the whole tactic automatically,but possible to replace human being in some way. So we turn to the artificial intelligence method. To detect the unknown intrusion,we adopt some method in machine learning to construct the tactic by the computer automatically. |
PDF Full Text Request