Research on Situation Evaluation Based on Artificial Immune for Network Security

As a new research area of network security, network security situation evaluation is significant for achieving large-scale network security monitoring. In this paper, the artificial immune technology is applied to the study of situation evaluation for network security. Mathematical expressions of immune elements such as antibodies, antigens are established, and basic immune mechanism such as self-tolerance, clone selection, immune memory are achieved. According to the relationships between concentration changes of antibodies and attack intensity of pathogens in biological immune system, a situation evaluation model for network security is proposed. In addition, this paper adopts the uncertainty reasoning method in the cloud theory to make multi-granularity analysis for network security situation. By modeling the security situation indicator, and using cloud rules generator and reverse cloud generator, we can get qualitative results of hosts and network's security situation. Theoretical analysis and experimental results show that the model is effective to evaluate situation for network security with advantages of real-time, adaptability and high accuracy.