基于生物免疫学的入侵监测及在计算机安全中的应用-计算机应用专业论文.docxVIP

南京耻1二火学f{!；|I：论殳 南京耻1二火学f{!；|I：论殳 l^1二生物钯疫学的入侵愉测垃m计算机立争中的心用 摘 要 本项研究对生物免疫系统辨别自身物质的机理非常感兴趣，主要的工作是探索生物 免疫系统与计算机安全系统的相似性。通过借鉴生物免疫系统的检测特性，建立适合计 算机安全的检测方法。通过对入侵检测与生物免疫学领域中已有成果的研究和文献资料 的收集整理，理清了入侵检测系统领域诸多算法的研究发展脉络，提出了一种基于生物 免疫学的入侵检测模型，探讨了其在入侵检测方面的应用价值。在分析建立检测模型过 程中．在模型框架中引入了分川j式概念。使系统具有较好的可扩充性和稳定性。为了实 现系统的通用性和跨平台性，本文还就检测系统行为分别在LINUX和WINDOWS平台上探 讨了获取系统调用序列的几种方法，并比较了各种方法的优缺点。最后将该模型应用于 基于主机的入侵检测。系统不仅可以检测新的入侵手段(基于异常入侵检测)．而且根 据以往记忆IjJA侵模式．当再次采用该利，方式攻击系统州，可高效、快速地检测出入侵 基于模式的检测。本文的最后还论述了iJ_以用上述方法检测计算机病毒可行性。 关键字： 入侵检测，生物免疫学，I冽络安全，系统调用序列，病毒 坐坚竺!!查竺竺!!：堡苎 坐坚竺!!查竺竺!!：堡苎 竺!!!!竺堡竺竺垒垡竺型竖i：生望!!兰竺尘坚坐!! Abstract This paper focuses the principle of how immunology system identifies its own materials．The main iob iS to explore the similarity between the immunology system and the computer security system．According to the detection traits ofthe immunology system，we set up detection method fits tO the computer security．Through the investigations of the extensive research productions and documents，the development process and the mutuality of related important algorithms in this field tided up and presented in this paper,and together with ilnmunology based intrusion detection modal，and its value in the intrusion detection field．1n the process of analysing and building the detection modal，we put the distribution concept into the modal frame in order to give the systeln good stability and extensibility．In order to implement the generality and crossing—platforms，the discussion about how to get the system calls sequences t11e dil沁rent platforms such LINUX and WINDOWS is still made；and with comparison of their goods and bads．At the end of the paper；we implement the modal into the mainfiame based detection system，The system not only detect the new intrusion method，but also rapidly detect the intrusions which all’eady known by the detection system． In the end，we discuss the feasibility of detecting the computer virus due to the method discussed above． Keyword：Intrusion detection，hnlnunology，Network Sec