基于免疫机理的自适应Agent在网络入侵检测系统中的应用

传统的入侵检测系统主要采用的是异常检测和误用检测的方法，误报率和漏报率较高，自适应性较差．难以满足当前的网络安全需求。文章针对当前入侵检测系统存在的这些问题提出了一种基于免疫机理的．利用自适应Agent技术实现的入侵检测系统模型，该系统采用了三种Agent．一种是预警Agent．它们通过监听流量发现异常，发出入侵预警警报；一种是评估Agent，它们通过收集各个Agent对于当前事件的预测建议得出是否是入侵的结论；管理Agent处于系统的最高层，在进行系统训练时发挥作用，判定评估Agent的结论是否正确．并给出反馈意见，评估Agent根据管理Agent的反馈意见对预警Agent的权值进行修正．该系统结合了异常检测和误用检测的优点，具备在线升级自身的抗体权值的能力．从而提高了系统抵御攻击的能力和自适应性。

The Research of Immune Based Adaptive Agent Applied in Network Intrusion Detection

The traditional intrusion detection system mostly employs misused detection method or anomaly detection method. Its miss rate and the false positive rate are quite high and its adaptability is less, so it is difficult to meet extensive security demand of the network. The paper describes an immune based adaptive distributed network intrusion detection system model; the model employs three types of Agent: predictor Agents are used for sniffing traffic and detect anomalies; assessor Agents weight the prediction of predictor Agents and draw a binary conclusion; manager Agents judge if the prediction from the assessor Agent was right or not, sending him back the results. The model not only can detect intrusions by predictor Agents but also can update the weights automatically and constantly according to the previous performance of each predictor Agent. Then the model improves the ability of detecting intrusions and the adaptability of the system.