To detect more and more attacks effectively and solve problems of high false positives and false negatives in traditional Intrusion detection system (IDS), this paper presents a novel IDS model-Immune principle based intrusion detection system (IPIDS). With useful mechanisms of immune system, such as natural selection, negative selection and clone selection, IPIDS establishes normal rule pools. Data packets captured from network are abstracted and then matched to short sequences in the rules. We give an algorithm to measure the correlation degree between two rules in IPIDS. Data packets that deviate from normal rules are considered as anomaly. At worst, IPIDS alarms to the administrator, who gives conclusions whether the data packets are intrusive. In the end, our experimental results have proved that IPIDS proposed in this paper can improve the ability of real-time detection and accuracy of intrusion detection effectively.
展开▼