Information Technology Reference
In-Depth Information
(2)Negative Selection
In immune system, negative selection is to protect body cells from mis-damage. In
other words, there can not exist any behavior vector in AI that is same or very similar
to ones in AN. In negative selection algorithms, the similarity between a element in
AI and the behavior set AN need to be calculated. Based on this similarity, the ele-
ments with a similarity equal to 1 or very close to 1 will be ruled out to avoid false
positive alerts. The steps are listed in Figure 3.
4 Synthesized Distance Model
4.1 Mathematic Modeling
As we described above, a network behave was abstracted into an n-dimensional
vector,
. It is called as a point in n-dimensional vector space. The col-
lection of all these points constitutes a behavior surface. In intrusion detection system,
we are concerned about abnormal behavior and normal behavior of collections. In or-
der to facilitate drawing, a collection of normal behaviors will be abstracted to a
“normal plane” in a three-dimensional space, and a collection of abnomal behaviors
will be abstract to a "abnormal plane". These two planes are shown in Figure 4 and
Figure 5. Here, P and Q represent two points in this space.
X
=
[
x
,
x
,
L
,
x
]
1
2
n
z
P
x
o
C
A
Q
D
y
V
B
U
Fig. 4. The simple distance model of behavior vector to abnormal plane
 
Search WWH ::




Custom Search