基于粗糙集和人工免疫的集成入侵检测模型

doi:10.3969/j.issn.1000-436x.2013.09.020

Abstract

Abstract:

According to the problems of intrusion detection,an integrated intrusion detection model based on rough set and artificial immune (RSAI-IID) was proposed by using rough set and integrating misuse detection and anomaly detection.The rough set method was used to achieve the vaccine which was injected in the model,to get better vaccine,and to optimum the performances of detection; misuse detection was used to get off the known intrusions; anomaly detection was used to detect the novel intrusions.RSAI-IID model was validated on KDD 99 dataset.The experimental results show its feasibility and effectiveness.

Key words: rough set;, artificial immune system, misuse detection, anomaly detection, integrated intrusion detection model based on rough set and artificial immune

Ling ZHANG,Zhong-ying BAI,Shou-shan LUO,Kang XIE,Guan-ning CUI,Mao-hua SUN. Integrated intrusion detection model based on rough set and artificial immune[J]. Journal on Communications, 2013, 34(9): 166-176.

Figures/Tables 13

算法名称	时间复杂度	空间复杂度
DCA	$O (35 N_{2}^{2})$	O(500(L+1))
NSA	O(LN₂K)	O((L+1)K )
RSA	O(M(M+1)N₁)	O(MN₁K₁L)
IAIS	O(N(L₁N₂+LNK))	O(MN₁K₁L)
RSAI-IIDA	O(N₂(L₁N₂₂+LN₂K))	O(MN₁K₁)

References 26

[1]	ANDERSON J P . Computer Security Threat Monitoring and illance[R]. Pennsylvania, 1980.
[2]	卿斯汉, 蒋建春, 马恒太 . 入侵检测技术研究综述[J]. 通信学报, 2004,24(7): 19-29. QING S H , JIANG J C , MA H T . Research on intrusion detection techniques:a survey[J]. Journal on Communications, 2004,24(7): 19-29.
[3]	DENNING DOROTHY E . An intrusion deteetion model[J]. IEEE Transaction on Software Engineer on Software Engineering, 1987,13(2): 222-232.
[4]	FORREST S , PERELSON A , ALLEN L ,et al. Self-nonself diserimination in a computer[A]. Proeeedings of the 1994 IEEE Symposium on Research in Security and Privacy[C]. Los Alamitos, 1994. 202-212.
[5]	HOFMEYR S , FORREST S . Architecture for an artificial i mune system[J]. Evolutionary Computation, 2000,8(4): 443-473.
[6]	YANG H , GUO J H , DENG FQ . Collaborative RFID intrusion detection with an artificial immune system[J]. Journal of Intelligent Information Systems, 2011,36(1): 1-26.
[7]	梁可心, 李涛, 刘勇 . 一种基于人工免疫理论的新型入侵检测模型[J]. 计算机工程与应用, 2005,41(2): 129-133. LIANG K X , LI T , LIU Y . A new model of intrusion detecti based on artificial immune theory[J]. Computer Engineering and Applications, 2005,41(2): 129-133.
[8]	OU C M . Host-based intrusion detection systems adapted from agent-based artificial immune systems[J]. Neuro Computing, 2011,88(1): 1-9.
[9]	陈岳兵, 冯超, 张权 . 面向入侵检测的集成人工免疫系统[J]. 通信学报, 2012,33(2): 125-131. CHEN Y B , FENG C , ZHANG Q . Integrated artificial immune system for intrusion detection[J]. Journal on Communications, 2012,33(2): 125-131.
[10]	ZENG J , LIU X J , LI T ,et al. A novel intrusion detection approach learned from the change of antibody concentration in b logical immune response[J]. Springer Applied Intelligence, 2011,35(1): 41-62.
[11]	LI Y Z , JING C W , XU J . A New Distributed Intrusion Detection Method Based on Immune Mobile Agent[R]. Berlin Springe, 2010.233-243.
[12]	PAWLAK Z . Rough sets[J]. International Journal of Comp and Information Science, 1982,11(5): 341-356.
[13]	PAWLAK Z , GZYMALA BUSSE J , SLOWINSKI R . Rough sets[J]. Communications of the ACM, 1995,38(11): 88-95.
[14]	GU C H , ZHANG X Q . A rough set and SVM based intrusion detection classifier[A]. 2009 the Second International Workshop Computer Science and Engineering[C]. Qingdao,China, 2009.155: 106-110.
[15]	朱有产, 熊伟, 静永文 . 基于Rough Set 理论的综合分类器设计与实现[J]. 通信学报, 2006,24(11): 63-67. ZHU Y C , XIONG W , JING Y W . Design and realization of integrated classifier based on Rough Set[J]. Journal on Communications, 2006,24(11): 63-67.
[16]	LI L , ZHAO K N . A new intrusion detection system based on rough set theory and fuzzy support vector machine[A]. IEEE I lligent Systems and Applications (ISA)[C]. Wuhan,China, 2011. 1-5.
[17]	前进, 苗夺谦, 张泽华 . 云计算下知识约简算法[J]. 计算机学报, 2011,34(12): 2332-2343. QIAN J , MIAO D Q , ZHANG Z H . Knowledge reduction algor thms in cloud computing[J]. Chinese Journal of Computers, 2011,34(12): 2332-2343.
[18]	苗夺谦, 李道国 . 粗糙集理论、算法及应用[M]. 北京: 清华大学出版社, 2008. MIAO D Q , LI D G . Rough Sets Theory Algorithms and Applications[M]. Beijing: Tsinghua University PressPress, 2008.
[19]	GONZALEZ F A , DASGUPTA D . Anomaly detection using realvalued negative selection[J]. Genetic Programming and Evolvable Machine, 2003,4(4): 383-403.
[20]	GREENSMITH J , TWYCROSS J , AICKELIN U . Dendritic cells for anomaly detection[A]. IEEE Congress on Evolutionary Computation (CEC2006)[C]. Vancouver,Canada, 2006. 664-671.
[21]	GU F , GREENSMITH J , AICKELIN U . Further exploration of the dendritic cell algorithm[A]. International Conference n Artificial Immune System[C]. Phuket Thailand, 2008. 142-153.
[22]	HU W M , HU W , MAYBANK S . Adaboost-based algorithm for network intrusion detection[A]. IEEE Trans Syst Man Cybern Part B-Cybern[C]. Beijing,China, 2008. 577-583.
[23]	KAYACIK H G,ZINCIR-HEYWOOD A N , HEYWOOD M I . Selecting features for intrusion detection:a feature relevance analysis on KDD 99 intrusion detection datasets[A]. The Third Annual Conference on Privacy,Security and Trust[C]. New Brunswick,Canada, 2006. 85-89.
[24]	邬书跃, 田新广 . 基于隐马尔可夫模型的用户行为异常检测新方法[J]. 通信学报, 2007,28(4): 38-43. WU S Y , TIAN X G . Method for anomaly detection of user behaviors based on hidden Markov models[J]. Journal on Communications, 2007,28(4): 38-43.
[25]	AGARWAL R , JOSHI M V . PNrule:a new framework for lear ing classifier models in data mining (a case-study in network intrusion detection)[A]. The First SIAM Conference on Data Mining[C]. Chicago,USA, 2001. 1-17.
[26]	SHINGO M , CHEN C , LU N N . Intrusion-detection model based on fuzzy class-association-rule mining using genetic programming network[J]. IEEE Transactions on Systems,Man,and Cybernetics, 2011,41(1): 130-139.

Metrics

Recommended 0

No Suggested Reading articles found!

类型	优点	缺点
异常检测	对未知攻击检测有效	虚警率高
异常检测	对冒充合法用户的入侵检测率高	需要实时地建立和更新系统或用户的特征轮廓，计算量大
	技术比较成熟	不能检测未知入侵
误用检测	对已知攻击检测率高，虚警率低	漏警率比较高特征库必须不断更新
误用检测	采用匹配模式，计算量小	对于系统内部攻击的越权行为，很难检测

生物免疫系统(BIS)	人工免疫系统(AIS)
抗原	采集的在线数据
B细胞、T细胞	检测器
抗体对抗原的识别	抗体和抗原的绑定
记忆细胞	记忆细胞
协同刺激	人工确认信号
注射疫苗	更新特征库
抗原检测/免疫应答	抗原检测/应答

文献	贡献
文献[7,8,9,10,11]	使用人工免疫原理进行异常检测，能有效地对未知攻击进行检测，系统具有自适应能力
文献[14,15]	将粗糙集算法用于异常检测中，可以有效地获取决策规则
文献[16]	将支持向量机和粗糙集方法进行结合研究，结合不同的机器学习方法

数据域	转换	位数
2	TCP、UDP和ICMP分别为01、11、11表示	2
3	按首字母编号1~66，转换成二进制	7
4	按首字母编号1~11，转换成二进制	4
{7,12,14,15,21,22}	编码不变，分别为0和1	1
8	转化成二进制	2
9	转化成对应的二进制	2
11	共含5类，用0~4的二进制表示	3
17	转化成二进制	4
18	转化成二进制	2
19	转化成二进制	3
31	原始值乘以100，再转化成二进制	7
其他	按低00，中01，高10和极高11分类	2

W(权值)	协同刺激信号(CSM)	半成熟信号（SEMI）	成熟信号（MAT）
PAMP(P)	2	0	2
安全信号(S)	1	0	1
危险信号(D)	2	3	-3

Integrated intrusion detection model based on rough set and artificial immune

RichHTML

PDF

Knowledge

Cited

Abstract

Cite this article

share this article

Figures/Tables 13

References 26

Related Articles 15

Metrics

Recommended 0

规则数	约简前	约简后
自体规则数	15 100	1 341
非自体规则数	62 600	820

类别	方法	文献	检测率	虚警率
免疫原理	RFID	[6]	约0.98	约0.006
	克隆免疫	[7]	大于0.95	约0.14
	IAIS	[9]	0.969 1	0.032 1
	NIDAAC	[10]	0.956 2~0.960 6	0.019 5~0.040 4
	免疫代理	[11]	0.084~0.995	无
	NSA	[19]	约0.95	约0.01
	DCA	[21]	约0.75	约0
粗糙集	RSSVM	[19]	约0.98	约0.05
	综合分类算法	[21]	94.24	0.28
	RS-FSVM	[16]	0.90	14.24
其他算法	AdaBoost	[22]	0.900 4~0.908 8	0.065 5~0.089
	K-NN	[23]	0.910 0	0.080 0
	HMM	[24]	0.951 6（平均）	0.013 2（平均）
	PNrule	[25]	0.911 0	0.004 0
	FSA	[26]	0.987(误用)	0.042 8
			0.944(异常)	0.122
	RSAI-IID	本文	0.978 6	0.026 8

类别	样本数	类型	明细	TP	平均TP
正常	85	Normal	85	1.00
		Probe	3	1.00
		R2L	5	0.60	0.958
攻击数据	35	Vulnerability	13	0.923	0.958
		Dos	6	0.677
		U2R	8	1.00

[1]	Weigang HUO, Rui LIANG, Yonghua LI. Anomaly detection model for multivariate time series based on stochastic Transformer [J]. Journal on Communications, 2023, 44(2): 94-103.
[2]	Jianxin LIAO, Xiaoyuan FU, Qi QI, Jingyu WANG, Haifeng SUN. 6G-ADM: knowledge based 6G network management and control architecture [J]. Journal on Communications, 2022, 43(6): 3-15.
[3]	Xueyuan DUAN, Yu FU, Kun WANG. Multi-dimensional time series anomaly detection method based on VAE-WGAN [J]. Journal on Communications, 2022, 43(3): 1-13.
[4]	Ping WU, Chaowen CHANG, Zhibin ZUO, Yingying MA. Address overloading-based packet forwarding verification in SDN [J]. Journal on Communications, 2022, 43(3): 88-100.
[5]	Haili SUN, Xiang LONG, Lansheng HAN, Yan HUANG, Qingbo LI. Overview of anomaly detection techniques for industrial Internet of things [J]. Journal on Communications, 2022, 43(3): 196-210.
[6]	Zhuo CHEN, Miao ZHU, Junwei DU. Multi-view graph neural network for fraud detection algorithm [J]. Journal on Communications, 2022, 43(11): 225-232.
[7]	Xueyuan DUAN, Yu FU, Kun WANG, Taotao LIU, Bin LI. Network traffic anomaly detection method based on multi-scale characteristic [J]. Journal on Communications, 2022, 43(10): 65-76.
[8]	Tieming CHEN,Chengqiang JIN,Mingqi LYU,Tiantian ZHU. Intelligent detection method on network malicious traffic based on sample enhancement [J]. Journal on Communications, 2020, 41(6): 128-138.
[9]	Qi QI,Runye SHEN,Jingyu WANG. GAD:topology-aware time series anomaly detection [J]. Journal on Communications, 2020, 41(6): 152-160.
[10]	Xiaohui YANG,Shengchang ZHANG. Anomaly detection model based on multi-grained cascade isolation forest algorithm [J]. Journal on Communications, 2019, 40(8): 133-142.
[11]	Yi-wei GAO,Rui-kang ZHOU,Ying-xu LAI,Ke-feng FAN,Xiang-zhen YAO,Lin LI. Research on industrial control system intrusion detection method based on simulation modelling [J]. Journal on Communications, 2017, 38(7): 186-198.
[12]	Zhi-jun WU,Jing-an ZHANG,Meng YUE,Cai-feng ZHANG. Approach of detecting low-rate DoS attack based on combined features [J]. Journal on Communications, 2017, 38(5): 19-30.
[13]	Ying-xu LAI,Zeng-hui LIU,Xiao-tian CAI,Kai-xiang YANG. Research on intrusion detection of industrial control system [J]. Journal on Communications, 2017, 38(2): 143-156.
[14]	Tai-ming ZHU,Yuan-bo GUO,An-kang JU,Jun MA. Business process mining based insider threat detection system [J]. Journal on Communications, 2016, 37(Z1): 180-188.
[15]	. Research on network anomaly detection based on one-class SVM and active learning [J]. Journal on Communications, 2015, 36(11): 136-146.