Antibody Generation and Antigen Detection Component in Immune-Based Network Intrusion Detection System

The authors design and develop an immune-based network intrusion detection system, AINIDS, which includes a data collector component, a packet header parser and feature extraction component, an antibody generation and antigen detection component, a co-stimulation and report component, and a rule optimization component. The antibody generation and antigen detection component is the key module of AINIDS. In this component, passive immune antibodies and automatic immune antibodies, the latter comprising memory automatic immune antibodies and fuzzy automatic immune antibodies, are proposed by analogy with the natural immune system. The passive immune antibodies inherit available rules and can detect known intrusions rapidly. The automatic immune antibodies integrate a statistical method with a fuzzy reasoning system to improve detection performance and can discover novel attacks. AINIDS is tested on data collected from LANs and on data from the 1999 DARPA intrusion detection evaluation data sets. Both experiments demonstrate that AINIDS, with its antibody generation and antigen detection component, has a good detection rate for both old and new attacks.