基于免疫机理的侵测系统的研究.ppt

Outline Context of Network Security Problem Significance of Studying Intrusion Detection Technique Advance in IDS Advance in AIS and its application to computer security Main research work Study methodology and notion Innovations and features of the dissertation References Context of Network security Problem Context of network security Problem Context of network security Problem Context of network security Problem Significance of Studying Intrusion Detection Technique Significance of Studying Intrusion Detection Technique Significance of Studying Intrusion Detection Technique Significance of Studying Intrusion Detection Technique Significance of Studying Intrusion Detection Technique Significance of Studying Intrusion Detection Technique Advance in IDS technique Advance in IDS technique Advance in IDS technique Advance in IDS technique Advance in IDS technique Advance in AIS and its application in computer security field Advance in AIS and its application in computer security field Advance in AIS and its application in computer security field Advance in AIS and its application in computer security field 5. Main study work Main study work Main study work Main study work Main study work Main study work Research method and thought Research method and thought Research method and thought Research method and thought 7. Main innovation and features of dissertation References Thanks for your attendance! 二、在以往文献的克隆选择算法中，关于检测器（抗体）亲和力进化，只用到了变异和选择算子，所以论文欲研究抗体进化的免疫算法，首次提出在该算法中增加了多克隆算子（McAb Operator）和接种疫苗算子(Vaccination Operator)，目的是产生的检测器具有多样性、特异性、自学习性，能检测未知攻击。 三、在前面工作的基础之上，研究实现一个基于免疫机理的入侵检测系统，该检测系统不仅能检测网络层、传输层的攻击（IP探测、端口扫描、Dos攻击等），而且能检测应用层的攻击（如CGI、FTP、PHP注入漏洞攻击等）。在此过程中从理论上对检测率（detection rate）、漏检率(false positive error rate)、检测器覆盖(detector cover)、检测漏洞(detection hole)、检测器冗余进行分析。 四、在NIS中，“自我”是指机体的自身组成成份；在IDS中，“自我”是指合法的、可接受的操作模式或网络连接模式。利用免疫原理进行入侵检测研究的一个基础就是自我集的构造，根据negative selection算法的思想，检测器的产生依据就是自我集。在目前的研究中，自我集的构造是静态的，未考虑其动态进化，而且构造方法主要是在假定自我集的构造阶段不存在入侵事件的基础上，通过观察来定义。另外，由于自我集的构造是静态