Drawing on immune danger theory, a method based on antibody concentration is proposed for the detection and quantitative assessment of network intrusion risk. First, in order to detect intrusions more accurately, dynamic evolution equations are established for the antigens (Ag) and for each class of antibody (Ab): immature Ab, mature Ab and memory Ab. Second, in order to assess the intrusion risk correctly, a quantitative representation of the Ab concentration is established for each type of attack. Based on the differing danger of each type of attack and the differing importance of each host, risk equations are given for a single host and for the whole network under attack. Finally, simulation and comparison experiments were carried out to test the method. The experimental results show that the method detects network intrusions effectively and correctly evaluates the risk that each host and the network as a whole face from any single type of attack and from all attacks together.