| Artificial immunity has a wide range of applications in Web intrusion detection by simulating biological immune system to recognize foreign invasion.However,due to the increasing network traffic and the increasing complexity of the traffic composition,the commonly used negative selection detection(NSA)method has low detection efficiency and accuracy.Aiming at this problem,this paper proposes a multi-optimization intrusion detection model based on NSA,which improves the feature extraction of traffic and the optimization of detector distribution.The main work of this paper is as follows:Firstly,for the negative selection algorithm(NSA),when the detector is generated by the initial self-set,the feature of the traffic data is too complicated,resulting in low efficiency of the detector generation.So this paper proposes a feature extraction theory,including genetic algorithm and logistic regression and put forward a negative selection algorithm based on feature extraction.The algorithm applies genetic algorithm and logistic regression to feature extraction.In the feature extraction model,the genetic algorithm is used for feature search,logistic regression is used for classification,and the training and testing data sets are combined to extract the best feature subsets,which greatly reduces the dimension of the original data set and significantly improves the efficiency of generating detectors by negative selection algorithm.Then,when using the best feature subset obtained by the above-mentioned feature extraction method to select a random detector by negative selection,the detector utilization rate is not high because the random detector is unevenly distributed in the non-autogenous space.To solve this problem,this paper proposes a dynamic optimization algorithm for detector distribution.The algorithm optimizes the distribution of the detector generated by the negative selection,introduces a part of the abnormal sample,particleizes the detector,uses the local outlier factor(LOF)algorithm to calculate the fitness value,and guides the detectors to move towards the direction of abnormal sample aggregation,and processes the collision of detector particles,so that the detector can be evenly distributed in the non-self space,and the utilization rate is improved.Finally the proposed algorithm and model are tested in the same environment.Firstly,two-dimensional data is used to verify the dynamic optimization algorithm of detector distribution.Then use the UNSW-NB15 dataset to simulate the numerical tank Web system access data,and compare the NSA-based multi-optimal intrusion detection model designed in this paper with the original intrusion detection model in terms of detector efficiency,detection accuracy and false positive rate.Experiments show that the model performs well in detector generation efficiency,detection accuracy and false alarm rate,and has great application value in numerical tank system security strategy configuration. |
PDF Full Text Request