A method of constructing a dynamic, self-adaptive virtual network is proposed to confuse adversaries, delay and
divert attacks, exhaust attacker resources and collect attack information. The concepts of the honeypot and of Honeyd,
a framework for virtual honeypots, are introduced. Network scanning techniques, including active fingerprint
recognition, are analyzed. A dynamic virtual network system is designed and implemented. In this system, a virtual
network similar to the real network topology is built from messages collected from the real environment. In this way,
the system can confuse attackers during an attack and supports further analysis and study of the attacks. Tests of the
system show that the design can successfully simulate a real network environment and can be used in network security
On the Windows platform, Snort can only raise an alarm about an attack; it cannot link with the firewall in real time.
This paper therefore proposes a novel method of building a distributed Internet security defense system based on Windows
IPSec and an IDS. The method combines the two by adding keywords and new rules and by creating a new IP security
policy. In addition, the Twofish encryption algorithm is applied to encrypt the data, which can effectively protect
the host. Finally, an attack experiment is shown.
To speed up algorithm convergence and avoid premature convergence, the theory of Uniform Design Sampling (UDS) is used
to redesign the crossover operation of the Genetic Algorithm and to improve the similarity of cyber-chromosome, which is
correlated with Detector Redundancy. A new detector prioritization scheme is built by combining a partial searching
strategy with a new method for evaluating redundancy data. Simulation experiments demonstrate that this scheme
maintains the variety, efficiency and sufficiency of the detectors. The scheme performs better in search speed and
global optimization ability. The detection rate is increased and the false alarm rate is decreased to a certain degree.
To improve the detection rate and reduce false detections of distributed network intrusion detection systems, and to
improve their parallel processing ability, a distributed intrusion detection system based on co-evaluation computation
is proposed. An optimized immune detection method is used to reduce detector redundancy. Multi-agent evaluation
computation is used to enhance the self-learning and self-adaptation abilities of network intrusion detection.
Co-evaluation technology is used to speed up the co-evaluating of the multiple agents in the network intrusion
detection system and thereby improve the evaluating ability of the distributed system. Experiments verify the validity of the method.
Antibodies have a detecting role in the immune system. Simulating the generation, evolution and working process of antibodies in the immune system is the key to building an immune-based intrusion detection system (IDS). This paper proposes a clonal selection immune algorithm based on T-cell immunity. The algorithm adopts novel genotype and phenotype representations integrated with the matching rule, which can flexibly express the 'or' relation between classification rules. In addition, introducing a negative selection operator makes detector generation more effective.
Traditional intrusion detection systems mostly adopt a centralized analysis engine, so their false alarm rate is high and they lack self-adaptability, which makes it difficult for them to meet the increasingly extensive security demands of distributed network environments. This paper proposes an immunity-based model for dynamic distributed intrusion detection that combines immune theory, data mining and data fusion techniques. The system presents a method of establishing and evolving the set of early genes, and defines the sets of Self, Nonself and Immunity cells. A detailed description of the architecture and working mechanism of the model is given, and the characteristics of the model are analyzed.
Computational Intelligence is the theory and method of solving problems by using computers to simulate human intelligence, and it is a development of Artificial Intelligence. Fuzzy Technique is one of the most important theories of Computational Intelligence. Genetic Fuzzy Technique and Neuro-Fuzzy Technique combine Fuzzy Technique with novel techniques. This paper presents a distributed intrusion detection system based on fuzzy rules that, by using Neuro-Fuzzy Technique and Genetic Fuzzy Technique, has the characteristics of distributed parallel processing, self-organization, self-learning and self-adaptation. In particular, a fuzzy decision technique can be used to reduce false detections. The results of the simulation experiment show that this intrusion detection system model is distributed, error-tolerant, capable of dynamic learning, and adaptive. It solves the problem of the low identification rate for new attacks and hidden attacks. The false detection rate is low. This approach is efficient for distributed intrusion detection.
A traditional IDS (Intrusion Detection System) performs detection by matching the sample pattern against predefined intrusion patterns; as a result, the IDS loses diversity and self-adaptation and cannot detect variant intrusions or unknown intrusions. This paper presents a distributed intrusion detection approach based on the Artificial Immune System. It defines the Self, the Nonself and the immune cell, builds an intrusion detection model composed of memory cells, mature cells and immature cells, and also gives the environment definition, the matching rule, training of the detection system, immune regulation and memory, monitor generation and so on. The results of the experiment show that this intrusion detection system model is distributed, error-tolerant, capable of dynamic learning, and adaptive, and that this approach is efficient for network intrusion detection.