An Immune Based Model for Network Monitoring

In a traditional computer immune system (CIS), detector training efficiency is very low, and there is no dynamic evolutionary mechanism for the definition of self and nonself, which results in lower self-adaptability. Such a system therefore does not satisfy the requirements of network monitoring in a real network environment. To solve this problem, a new immune-based model for computer network monitoring, called AINM, is proposed. The concepts and formal definitions of self, nonself, antigen, detector, and digital evidence are introduced. Furthermore, dynamic evolutionary models and recursive equations for self, antigen, dynamic computer forensics, immunological tolerance, and the detector lifecycle are presented. A simulation of the model is given. The experimental results show that the new model offers real-time operation, self-learning, self-adaptability, and diversity.