Immune Based Intrusion Detector Generating Algorithm

Immune-based intrusion detection approaches are studied. The methods of constructing self set and generating mature detectors are researched and improved. A binary encoding based self set construction method is applied. First, the traditional mature detector generating algorithm is improved to generate mature detectors and detect intrusions faster. Then, a novel mature detector generating algorithm is proposed based on the negative selection mechanism. According to the algorithm, less mature detectors are needed to detect the abnormal activities in the network. Therefore, the speed of generating mature detectors and intrusion detection is improved. By comparing with those based on existing algorithms, the intrusion detection system based on the algorithm has higher speed and accuracy.     

Intrusion detection based on rough set and artificial immune

In order to increase intrusion detection rate and decrease false positive detection rate , a novel intrusion detection algorithm based on rough set and artificial immune ( RSAI-IDA) is proposed. Using artificial immune in intrusion detection , anomaly actions are detected adaptively , and with rough set , effective antibodies can be obtained .A scheme , in which antibodies are partly generated randomly and others are from the artificial immune algorithm , is applied to ensure the antibodies di-versity.Finally, simulations of RSAI-IDA and comparisons with other algorithms are given .The ex-perimental results illustrate that the novel algorithm achieves more effective performances on anomaly intrusion detection , where the algorithm ’ s time complexity decreases , the true positive detection rate increases , and the false positive detection rate is decreased .     

WA-IDS： A Distributed Intrusion Detection System Based on Data Mining

Aiming at the shortcomings in intrusion detection systems (IDSs) used in commercial and research fields, we propose the MAIDS system, a distributed intrusion detection system based on data mining. In this model, misuse intrusion detection system (MIDS) and anomaly intrusion detcction system (AIDS) are combined. Data mining is applicd to raise detection performance, and distributed mechanism is employed to increase the scalability and efficiency. Host- and network based mining algorithms employ an improved Bayesian decision theorem that suits for real security environment to minimize the risks incurred by false decisions. We describe the overall architeeture of thc MA-IDS system, and discusss pecific design and implementation issue.     

A Dynamic Object Behavior Model and Implementation Based on Computational Reflection

A dynamic object behavior model based on computational reflection is proposed. This model consists of function level and meta level, the meta objects in meta level manage the base objects and behaviors in function level, including dynamic binding and unbinding of base ohject and behavior. We implement this model with RoleJava Language. which is our self linguistic extension of the Java Language. Meta Objects are generated automatically at compile-time, this makes the reflecton mechanism transparent to programmers. Finallyan example applying this model to a banking system is presented.     

Markov Graph Model Computation and Its Application to Intrusion Detection

Markov model is usually selected as the base model of user action in the intrusion detection system （IDS）. However, the performance of the IDS depends on the status space of Markov model and it will degrade as the space dimension grows. Here, Markov Graph Model （MGM） is proposed to handle this issue. Specification of the model is described, and several methods for probability computation with MGM are also presented. Based on MGM, algorithms for building user model and predicting user action are presented. And the performance of these algorithms such as computing complexity, prediction accuracy, and storage requirement of MGM are analyzed.     

A new method for detecting line spectrum of ship-radiated noise using Duffing oscillator

A detection scheme for line spectrum of ship-radiated noise is proposed using Duffing oscillator. The chaotic trajectory of Duffing oscillator is analyzed and the state equation of the system is improved to detect weak periodic signals in different frequencies. According to the simulation results, the phase transforms of Duffing oscillator are sensitive to periodic signals and immune to the random noise and the periodic interference signals which have larger angular frequency difference from the referential signal. By employing Lyapunov exponents in the field of detection as the criteria for chaos, the phase transforms of dynamic behaviors in quantity are successfully determined. Meanwhile, the threshold value in critical state has been evaluated more accurately. Based on the phase transforms of Duffing oscillator, a new method for detecting line spectrum of ship-radiated noise is given. Three types of ship-radiated noise signals are analyzed and the values of line spectrum are acquired successfully by this method. The experimental results show that this method has high sensitivity and high resolution.     

ISS： Efficient Search Scheme Based on Immune Method in Modern Unstructured Peer-to-Peer Networks

Flooding is the most famous technique for locating contents in unstructured P2P networks. Recently traditional flooding has been replaced by more efficient dynamic query （DQ） and different variants of such algorithms. Dynamic query is a new flooding technique which could estimate a proper time-to-live （TTL） value for a query flooding by estimating the popularity of the searched files, and retrieve sufficient results under controlled flooding range for reducing network traffic. However, all DQ-like search algorithms are ＂blind＂ so that a large amount of redundant messages are caused. In this paper, we proposed a new search scheme, called Immune Search Scheme （ISS）, to cope with this problem. In ISS, an immune systems inspired concept of similarity-governed clone proliferation and mutation for query message movement is applied. Some assistant strategies, that is, shortcuts creation and peer traveling are incorporated into ISS to develop ＂immune memory＂ for improving search performance, which can make ISS not be blind but heuristic.     

Event-driven Dynamic and Intelligent Scheduling for Agile Manufacturing Based on Immune Mechanism and Expert System

Based on the biological immune concept, immune response mechanism and expert system, a dynamic and intelligent scheduling model toward the disturbance of the production such as machine fault, task insert and cancel etc. is proposed. The antibody generation method based on the sequence constraints and the coding rule of antibody for the machining procedure is also presented. Using the heuristic antibody generation method based on the physiology immune mechanism, the validity of the scheduling optimization is improved, and based on the immune and expert system under the event-driven constraints, not only Job-shop scheduling problem with multi-objective can be solved, but also the disturbance of the production be handled rapidly. A case of the job-shop scheduling is studied and dynamic optimal solutions with multi-objective function for agile manufacturing are obtained in this paper. And the event-driven dynamic rescheduling result is compared with right-shift rescheduling and total rescheduling.     

Stator Winding Turn Faults Diagnosis for Induction Motor by Immune Memory Dynamic Clonal Strategy Algorithm

Quick detection of a small initial fault is important for an induction motor to prevent a consequent large fault.The mathematical model with basic motor equations among voltages,currents,and fluxes is analyzed and the motor model equations are described.The fault related features are extracted.An immune memory dynamic clonal strategy （IMDCS） system is applied to detecting the stator faults of induction motor.Four features are obtained from the induction motor,and then these features are given to the IMDCS system.After the motor condition has been learned by the IMDCS system,the memory set obtained in the training stage can be used to detect any fault.The proposed method is experimentally implemented on the induction motor,and the experimental results show the applicability and effectiveness of the proposed method to the diagnosis of stator winding turn faults in induction motors.     

A new complex Duffing oscillator used in complex signal detection

In view of the fact that complex signals are often used in the digital processing of certain systems such as digital communication and radar systems,a new complex Duffing equation is proposed.In addition,the dynamical behaviors are analyzed.By calculating the maximal Lyapunov exponent and power spectrum,we prove that the proposed complex differential equation has a chaotic solution or a large-scale periodic one depending on different parameters.Based on the proposed equation,we present a complex chaotic oscillator detection system of the Duffing type.Such a dynamic system is sensitive to the initial conditions and highly immune to complex white Gaussian noise,so it can be used to detect a weak complex signal against a background of strong noise.Results of the Monte-Carlo simulation show that the proposed detection system can effectively detect complex single frequency signals and linear frequency modulation signals with a guaranteed low false alarm rate.     

基于免疫的自适应性网络入侵检测模型设计

自然免疫系统与计算机安全问题有很多相似性,两者主要工作都是如何区分“自我”与“非我”。文章根据人工免疫的原理、体系结构,建立了一种基于免疫原理的自适应性网络入侵检测系统模型,以改进现有网络入侵检测系统的性能;详细给出了该模型在计算机中的数学描述、系统结构及具体实现;并在网络环境下完成了模拟攻击实验。     

基于免疫接种的多代理分布式入侵检测技术研究

根据入侵检测与人工免疫机理之间的相似性,提出一种基于人工免疫系统的入侵检测分布式代理模型.该模型描述了代理在网络安全中分布式信息和安全防护的应用.提出了一种智能代理的层次式结构及动态进化模型,给出了自我集、抗原、免疫耐受、成熟代理的生命周期及免疫记忆等相应的递归公式.实验证明该模型具有较强的实时处理能力,可以有效地提高网络入侵检测的性能.     

一种改进的计算机免疫模型

通过对生物免疫系统和计算机免疫系统的比较,提出了一种改进的计算机免疫模型.该模型针对计算机免疫系统中自体动态变化比生物体更为频繁的特点,提出了成熟免疫细胞的否定选择机制,并给出了成熟细胞的否定选择算法;同时模型还针对计算机免疫系统中非自体的多样性和广泛性,提出了对记忆细胞的动态降职机制,并给出了记忆细胞动态降职算法.将该模型运用于网络入侵检测应用的实验表明,模型具有更强的动态特征和鲁棒性.     

基于人工免疫的NIDS研究进展

现有网络入侵检测系统的关键不足在于不能识别未知模式的入侵，智能水平低。生物免疫系统的自我保护机制对设计新的网络入侵检测系统具有很好的借鉴意义。论文通过抽取生物免疫系统中所蕴涵的各种信息处理机制，将网络数据传输行为分为正常和异常行为，分别对应为网络的自我与非我，建立了一个基于人工免疫的网络入侵检测系统原型。系统中蕴涵的生物免疫机制主要有非我识别机制、免疫进化机制等。本文着重介绍此原型系统的结构和特征、免疫识别算法，并进行了实际检测实验。实验结果表明生物免疫的自我保护机制在网络入侵检测系统方面具有很强的应用前景。     

基于生物免疫特性的主机免疫模型

针对传统计算机安全防护理论的不足,提出了一种采用生物免疫思想解决主机安全问题的方法.该方法确定了主机免疫系统的目标,即实现自适应分布式主机安全防护,设计了主机免疫系统的结构框架,对各组成部分进行定义和描述,同时给出了生物免疫系统与主机免疫模型组件映射关系表,在此基础上提出了系统的数学模型并讨论了模型的重要特征,重点对分布式特性、协同刺激和多样性进行了分析.讨论与仿真结果表明,该设计基本达到主机免疫系统模型的5项设计目标.     

基于危险理论的入侵检测系统模型

入侵检测是网络安全技术研究中热点问题之一．现有入侵检测系统模型大多报警量巨大,另外不能对系统当前所面临的攻击进行实时定量危险评估,为解决这两个问题,提出了一种基于危险理论的入侵检测系统模型DTIDS．对网络活动中自体、非自体、免疫细胞、记忆检测器、成熟检测器和未成熟检测器进行了形式化描述,建立了主机实时危险定量计算方程...     

一种改进的动态克隆选择免疫算法在入侵检测中的应用研究

给出自体、非自体、抗原、抗体、免疫细胞的定义,改进亲和力计算公式,提出可控变异和随机变异方法并以此改进动态克隆选择算法。设计并实现基于该改进免疫算法的入侵检测系统(IDS)模型,仿真实验表明,改进后的算法有效提高入侵检测系统的自适应性。     

基于免疫赦免的入侵检测方法研究

针对现有网络安全技术的缺陷,将生命医学中的免疫赦免原理引入到入侵检测领域,提出了入侵免疫赦免的概念,给出了入侵免疫赦免系统模型及其各个功能模块的形式化定义,并说明了构建该模型时所需要的技术与机制.重点研究了入侵免疫赦免系统的赦免机制及原理,并给出了一个与免疫机制协同工作的入侵赦免触发器（赦免植入Agent,IPAT）.     

基于人工免疫机制的入侵检测技术

现有网络入侵检测系统的大都不能识别未知模式的入侵，智能水平低，生物免疫系统提供了一种的健壮的、自组织、分布式的防护体系，对设计新的网络入侵检测系统具有很好的借鉴意义，详细介绍了对当前入侵检测中所应用的免疫机制。