四、研究方案、论文进度安排及预期达到的目标

研究方案及进度安排：

(1)2009年9月—2010年1月

实际与理论相结合立题，广泛收集国内外相关领域的文献资料并做分析研究，熟悉相关知识，掌握相关技术要点;

(2)2010年3月—2010年9月

在先前工作的基础上，在协同进化算法中，有一个重要的步骤就是解种群和测试种群的划分。如果能有一个好的划分方案，那么将使协同进化算法的性能达到最大。针对这个问题，主要是采用从各子群中选择最优的个体和任意一个其他个体，分别于待评价个体结合，构成两个合作团体，分别对其进行评价，并选择适应度较大者作为待评价个体的适应值，同时编制出一般性程序;

(3)2010年10月—2010年12月

进一步完善理论和程序，根据协同进化算法的步骤，结合现在已有的遗传算法中的交叉变异的方法，通过大量实验来得到在setp2中的交叉和变异的中最优的方法。并实际应用到IDS系统中。

(4)2011年1月—2011年3月

撰写毕业论文、准备答辩。

预期达到的目标：

(1) 基于协同进化算法的研究成果，通过提高IDS中检测器的检测率、减少误报率，改善系统的综合性能，能够使系统满足网络实时要求的需要。

(2) 在国内或国际期刊上发表相关文章只少一篇。

(3) 在IDS中应用本论文的研究成果，在真实的环境中运行系统，使系统能够高效率、高检测率的运行。

五、预计研究过程中可能遇到的困难和问题以及解决的措施

1.自体/检测器的表示方法是人工免疫算法中的一个难点。目前流行的检测器表示方法有两种：二进制表示法和实值表示法。这两种表示方法各有优缺点：二进制表示为异常检测提供了一种易于分析的有限问题空间，却很难处理那些本身适合使用实值表示的应用，并产生很高的误报率;采用实值表示能够增加检测器的多样性、改善算法的可扩展性并且能够从生成的检测器中提取高级别知识，却易受到空间维数的影响。因此，需要一种新的检测器表示方法去解决这些问题。对此，拟采用空间中互不相交的邻域表示检测器，利用部分匹配法生成成熟检测器集合。

2.在合作型协同进化遗传算法中，代表个体起到了非常重要的作用。那么如何选择一个代表个体，这是一个很难的问题。对此采用这种方法：选择其他种群中的最优个体作为代表个体，对于初始字种群的个体评价，由于无法驱动最优个体，代表个体随机选择，该方法简单易行，计算量小，适用于决策变量的各分量之间连接不强的情况。

3.在合作型协同进化遗传算法中，由于其是建立在种群分割的基础上的。在于种群分割时，如何决策变量进行客观而非人为的分解，从而形成一定数量的协同进化种群，没有一个很好的方法。对此只有通过大量的实验数据和自己的经验来进行。

六、主要参考文献

[1] Hart E, Timmis J. Intelligence Approach [M]. Berlin: Springer, 2002:23-50.

[8] Esponda F, Ackley E S, Forrest S and et al. Online negative databases[C].In Proceedings of 3rd International Conference on Artificial Immune System. Catania, Italy, 2004:175-188.

[9] 焦李成,杜海峰. 人工免疫系统进展与展望[J]. 电子学报，2003，31(10)：1540-1547.

[10] Forrest S, Perelson A S, Allen L. Self-nonself discrimination in a computer [C].In Proceedings of IEEE Society Symposium on Research in Security and Privacy and Privacy 1994, Massachusetts, USA, 1994: 202-212.

[11] Chao D L, Davenport M P, Forrest S and et al. Modelling the impact of antigen kinetics on T-cell activation and response [J]. Immunology and Cell Biology. 2004, 82(1): 55-61.

[12] D’haeseleer P. An immunological approach to change detection: theoretical results [C]. In Proceedins of Computer Security Foundation Workshop 1996, Kenmare, Ireland, 1996: 18-26.

[13] D’haeseleer P, Forrest S, Helman P. An immunological approach to change detection: algorithm, analysis and implications [C]. In Proceedings of IEEE Symposium of Security and Privacy 1996, Oakland, CA, USA, 1996: 110-119.

[14] Hamfeyr S A , Forrest S. Immunity by design: an artificial immune system[C]. In proceedings of Genetic and Evolutionary Computation Conference 1999, San Francisco, USA, 1999: 1289-1296.

[15] Balthrop J, Forrest S, Clickman M. Revisiting lisys: parameters and normal behaviour [C]. In proceedings of Congress on Evolutionary computation 2002, Honolulu, HI, USA, 2002: 1045-1050.

[16] Gonzalez F, Dasgupta D. Anomaly detection using real-valued negative selection [J]. Journal of Genetic Programming and Evolvable Machines. 2003, 4(4): 383-403.

[17] Gonzalez F, Dasgupta D, Nino L F. A randomized real-valued negative selection algorithm [C]. In Proceedings of Second International Conference on Artificial Immune Systems 2003. Edinburgh, UK, 2003: 261-272.

[18] Balthrop J, Esponda F, Forrest S and et al. Coverage and generalization in an artificial immune system [C]. In Proceedings of first International Conference on Artificial Immune System 2002, Canterbury, UK, 2002: 3-10.

[19] Gao X Z, Ovaska S J, Wang X. Genetic algorithm based detector generation in negative selection algorithm [C]. In Proceedings of Adaptive and Learning Systems 2006. Logan, USA, 2006: 133-137.

[20] Amaral J L M, Amaral J F M, Morin D and et al. An immune fault detection system with automatic detector generation by genetic algorithm [C]. In Proceedings of the Seventh International Conference on Intelligence Systems Design and Applications 2007. Rio de Janeiro, Brazil, 2007: 283-288.

[21] Zhou Ji, Dasgupta D. Real-valued negative selection algorithm with variable-sized detectors. In Proceedings of the Conference on Genetic and Evolutionary Computation 2004. Seattle, New York, USA, 2004: 287-298.[22] Zhou Ji, Dasgupta D. Estimating the detector coverage in a negative selection algorithm. In Proceedings of the Conference on Genetic and Evolutionary Computation 2005. Washington DC, USA, 2005: 281-288.

[23] Zhou Ji. A boundary-aware negative selection algorithm [C]. In Proceedings of Artificial Intelligence and Soft Computation 2005. Benidom, Spain, 2005: 12-14.

[24] Zhou Ji, Dasgupta D. V-Detector: An Efficient Negative Selection Algorithm with “Probably Adequate” Detector Coverage [J]. Information Science. 2009, 179(10): 1390-1406.

[25] Hu Zhengbin, Zhou Ji, Ma Ping. A novel anomaly detection algorithm based on real-valued negative selection [C]. In Proceedings of First International Workshop on Knowledge Discovery and Data Mining 2008. Adelaide, Australia, 2008: 499-502.

[26] Gonzalez L J, Cannady J. A self-adaptive negative selection approach for anomaly detection [C]. In Proceedings of Evolutionary Computation 2004. In Proceedings of Congress on Evolutionary Computation 2004. Poland, OR, 2004: 19-23.

[27] Amaral J L M, Amaral J F M, Tanscheit R. Real-valued Negative Selection Algorithm with a Quasi-Monte Carlo Genetic Detector Generation [C]. In Proceedings of 6th International Conference on Artificial Immune System 2007. Santos, Brazil, 2007: 156-167.

[28] Lee H M, Mao C H. A self-adaptive evolutionary negative selection approach for home anomaly events detection [C]. In Proceedings of Knowledge-Based Intelligent Information and Engineering Systems 2007. Vietri sul Mare, Italy, 2007: 325-332.

[29] 蔡涛，鞠时光，仲魏等. 基于切割的检测器生成算法[J]. 电子学报, 2009, 37(4A): 131-134.

[30] Gonzalez F, Dasgupta D, Kozma R. Combining negative selection and classification technique for anomaly detection [C]. In proceedings of Congress on Evolutionary computation 2002, Honolulu, HI, USA, 2002: 705-710.

[31] Gonzalez F, Dasgupta D. An immunity-based technique to characterize intrusions in computer networks [J]. IEEE Transactions on Evolutionary Computation, 2002, 6(3): 281-291.

[32] Chmielewski A, Wierzchon S T. Simple method of increasing the coverage of nonself region for negative selection algorithms [C]. In Proceedings of the 6th International Conference on Computation Information Systems and Industrial Management Applications 2007. Elk Poland, 2007: 155-160.

[33] Chmielewski A, Wierzchon S T. V-Detector algorithm with tree-based structures [C]. In Proceedings of the International Multiconference on Computer Science and Information Technology 2006. Wisla Poland, 2006: 11-16.

[34] 蔡涛，鞠时光，牛德姣. 快速否定选择算法的研究与分析[J]. 小型微型计算机系统, 2009, 30(6): 1171-1174.

[35] Luo Wenjian, Zhang Zeming, Wang Xufa. A heuristic detector generation algorithm for negative selection algorithm with hamming distance partial matching rule [C]. In Proceedings of International ConferenApplication areas of AIS: the past, the present and the future [J]. Applied Soft Computing, 2005, 8(1): 191-201.

[2] Branco P J C, Dente J A. Using immunology principle for fault detection[J]. Industrial Electronics. 2003, 50(2): 362-373.

[3] Boukerche A, Machado R B, Juca R L. An agent based and biological inspired real-Time intrusion detection and security model for computer network operations [J].Computer Communications, 2007, 30(13): 2649-2660.

ce on Artificial Immune System 2006, Oeiras, Portugal, 2006: 229-243.