Abstract: This paper proposes an intrusion detection model based on Artificial Immune System(AIS)/Self Organizing Map(SOM). It detects anomaly attack by AIS, and applies SOM to the detected-anomaly classification. This model can detect the unknown attaction and get more information about intrusion due to the combinition with the advantages of misuse detection and anomaly detection, and simulates it with KDDCUP 99 data. Experimental results show that the method is effective, which can classify the detected anomaly connections and give more information about such anomaly connection with low false rate and high positive rate.

Key words: Artificial Immune System(AIS), Self Organizing Map(SOM), intrusion detection, Genetic Algorithm(GA), anomaly detection

摘要： 针对异常检测信息获取不足的缺点，提出基于混合人工免疫系统(AIS)/自组织映射(SOM)的入侵检测模型。该模型采用人工免疫系统检测网络异常，对检测到的异常连接用自组织映射进行分类，应用KDDCUP99实验数据集进行仿真。结果表明该检测方法是有效的，能够将检测到的异常连接分类并给出异常连接的更多信息，检测和分类效率较高、误报率低。

关键词: 人工免疫系统, 自组织映射, 入侵检测, 遗传算法, 异常检测

CLC Number: 

• TP309