Improved Negative Selection Algorithm and Its Application in Intrusion Detection  Cited by: 5


Authors: JIA Lin (贾琳); YANG Chao (杨超); SONG Ling-ling (宋玲玲); CHENG Zhen (程镇); LI Bei-jun (李琲珺) (School of Computer and Information Engineering, Hubei University, Wuhan 430062, China; Hubei Provincial Education Information Engineering Technology Research Center, Wuhan 430062, China; Hubei Key Laboratory of Applied Mathematics, School of Mathematics and Statistics, Hubei University, Wuhan 430062, China)

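Affiliations: [1] School of Computer and Information Engineering, Hubei University, Wuhan 430062 [2] Hubei Provincial Education Information Engineering Technology Research Center, Wuhan 430062 [3] Hubei Key Laboratory of Applied Mathematics, School of Mathematics and Statistics, Hubei University, Wuhan 430062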

Source: Computer Science (《计算机科学》), 2021, Issue 6, pp. 324-331, 8 pages

Funding: National Natural Science Foundation of China (61977021); Open Fund Project of the Hubei Key Laboratory of Applied Mathematics (HBAM201902).

Abstract: As a typical algorithm of artificial immune systems, the negative selection algorithm (NSA) is widely used in intrusion detection. To address the low accuracy, high false alarm rate and high detector-set redundancy that the traditional negative selection algorithm shows on intrusion detection problems, an improved negative selection algorithm is proposed and applied to intrusion detection. The main idea is as follows: first, non-self antigens are clustered by the density peak clustering algorithm to generate a class of known detectors, which can detect known intrusion behavior. Then abnormal points are defined and preferentially taken as candidate detector centers to compute and generate unknown detectors, which can detect unknown intrusion behavior, thereby reducing the randomness of detector generation. In the experimental stage, accuracy (AC) and false alarm rate (FA) are selected as evaluation metrics. Simulation experiments were carried out on the KDDCUP99 and CSE-CIC-IDS2018 data sets, and the results show that the proposed algorithm has a lower false alarm rate and a higher accuracy on both data sets, which verifies that it has a good detection effect.

Keywords: artificial immunity; intrusion detection; negative selection; density clustering; detector

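Classification number: TP309 [Automation and Computer Technology: Computer System Architecture] TP393 [Automation and Computer Technology: Computer Science and Technology]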

 
