A Danger-Theory-Based Abnormal Traffic Detection Model in Local Network

To address the problem of abnormal traffic, including Internet worms and P2P downloading, occupying the LAN's bandwidth, this paper presents a danger-theory-based model for detecting anomalous traffic in a LAN. Definitions are given for the terms dangerous signal, antigen, antibody and memory antibody. In addition, the matching rule between antigen and antibody is improved. Experiments show the outstanding performance of the proposed model in terms of real-time operation, high detection rate and unsupervised learning.
