J4 ›› 2007, Vol. 29 ›› Issue (10): 4-6.
郭文忠[1,2] 陈国龙[1] 陈庆良[1] 刘延华[1] 余轮[2]
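Abstract (from the Chinese):
At present, high false negative and false positive rates remain the main problem of intrusion detection systems (IDS), and IDSs rely on two main detection techniques: misuse detection and anomaly detection. Drawing on the respective strengths of these two techniques and their complementarity, this paper presents an IDS model that combines anomaly detection based on artificial immunity with misuse detection based on particle swarm optimization (PSO). The system also applies feature selection to reduce data dimensionality and improve detection performance. Experiments show that the system achieves a high detection rate and a low false alarm rate, can update its rule base automatically, and can memorize previously unknown attack types, making it an effective detection method.
Keywords: intrusion detection system, misuse detection, anomaly detection, particle swarm optimization, artificial immunity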
Abstract:
Currently, the false positive and false negative rates of intrusion detection systems (IDS) are very high, and they remain the key problems of IDSs. Anomaly detection and misuse detection are the two main technologies applied in IDSs. Because the two technologies each have their own advantages and are complementary, this paper presents an IDS model based on the combination of misuse detection and anomaly detection. In this model, misuse detection is based on particle swarm optimization (PSO) and anomaly detection is based on artificial immunology. Furthermore, the model uses feature selection to reduce the dimension of the problem and improve performance. The experiments illustrate that the proposed hybrid detection system achieves a high detection rate with a low false alarm rate and can update the rules automatically, which shows its efficiency.
Key words: IDS, misuse detection, anomaly detection, particle swarm optimization, artificial immunology
郭文忠[1,2] 陈国龙[1] 陈庆良[1] 刘延华[1] 余轮[2]. Research on a Hybrid Intrusion Detection System Based on Particle Swarm and Artificial Immunity [J]. J4, 2007, 29(10): 4-6.
Link to this article: http://joces.nudt.edu.cn/CN/
http://joces.nudt.edu.cn/CN/Y2007/V29/I10/4