Netinfo Security ›› 2020, Vol. 20 ›› Issue (12): 19-27. doi: 10.3969/j.issn.1671-1122.2020.12.003

• Technical Research •

Research and Optimization of Intrusion Detection Based on Improved V-detector Algorithm

HE Jingsha1, HAN Song2, ZHU Nafei1, GE Jiake3

  1. Department of Information Science, Beijing University of Technology, Beijing 100124, China
  2. State Nuclear Electric Power Planning Design & Research Institute Co., LTD., Beijing 100095, China
  3. School of Information, Renmin University of China, Beijing 100872, China
  • Received: 2020-07-13 Online: 2020-12-10 Published: 2021-01-12
  • Contact: HAN Song E-mail: 418594110@qq.com
  • About the authors: HE Jingsha (born 1961), male, Shaanxi, professor, Ph.D.; main research interests: network security, testing and analysis, cloud computing | HAN Song (born 1994), male, Shaanxi, master's degree; main research interest: information security | ZHU Nafei (born 1981), female, Henan, associate professor, Ph.D.; main research interests: network security, privacy protection and blockchain | GE Jiake (born 1993), male, Shanxi, Ph.D. candidate; main research interest: information security
  • Funding: National Natural Science Foundation of China (61602456)

Abstract:

With the rapid increase in the number of Internet users, network threats are also growing rapidly, and traditional passive defense measures are no longer sufficient against increasingly varied network intrusions. A traditional intrusion detection system works by collecting virus signatures and then matching against them, so its detection of unknown viruses lags behind. In an increasingly complex network security environment, it is therefore important to study intrusion detection systems based on artificial immune theory. This paper first introduces the negative selection algorithm, the core idea of artificial immune theory, and then introduces the real-valued negative selection algorithm and the V-detector algorithm. To address the shortcomings of the V-detector algorithm, three improvements are made: a clonal selection algorithm based on fixed-distance mutation is proposed to improve the efficiency of detector generation; a de-redundancy algorithm is proposed to reduce detector redundancy and speed up convergence; and a hypothesis testing method is introduced and improved to evaluate the coverage of the detector set. Experiments show that the improved V-detector algorithm effectively improves detection accuracy, reduces detection holes, and greatly shortens detection time.

Key words: intrusion detection, V-detector algorithm, hypothesis testing
