Design And Implementation Of Real-Time Intrusion Detection System Based On Immune Computation

In recent years, with the rapid development of Internet technology, the structure of computer network is becoming more and more complex and the scale is increasing. This will greatly increase the risk of invasion. Traditional encryption and firewall technology and other passive defense technology can not fully meet the needs of current network security, then, intrusion detection technology steps into people’s horizon and becomes a hot research point in the field of network security. Immune system is distributed, self-organized, self-adapted and multi-leveled, these features are needed in intrusion detection system, if biological immune theory can be properly applied to intrusion detection technology, intrusion detection system will have these features.First, this paper proposed an improved negative selection algorithm which is derived from immune theory. Then, this paper proposed a real-time network communication features’ extraction method based on WinPcap. Eventually, this paper united these two parts, designed and implemented a real-time intrusion detection system based on immune computation.In the second chapter, this paper described the defect of negative selection algorithm, that the self region formed by setting constant radius to self samples can not expressed the self space well, then the detector set generated outside the self region can not cover non-self space well, finally, the test result can not be good enough. The self region formed by setting variable-sized radius to self samples can express self space more accurately, so that detection rate will increase and false alarm rate will reduce, especially when the training samples are not enough, this effect will be more apparent.In the third chapter, this paper focused on WinPcap, network communication packet’s types and structures, and proposed a method to extract the required network traffic features by using WinPcap to capture real-time network communication packets and analyzing the contents of the packets.In the fourth chapter, the improved negative selection algorithm is applied to intrusion detection. Then we designed and implemented a real-time network intrusion detection system by using WinPcap to capture real-time data packets in network and analyzing the contents of the packets to extract the current network traffic features, in order to detect real-time network communication status.This work was supported by the National High Technology Research and Development Program (863Program) of China (Grant No.2009AA12Z210), the Program for New Century Excellent Talents in University (Grant No. NCET-08-0811), the Program for New Scientific and Technological Star of Shanxi Province (Grant No.2010KJXX-03), and the Fundamental Research Funds for the Central Universities (Grant No. K50510020001).