The Research of Immune Based Adaptive Agent Applied in Network Intrusion Detection

The traditional intrusion detection system mostly employs misused detection method or anomaly detection method. Its miss rate and the false positive rate are quite high and its adaptability is less, so it is difficult to meet extensive security demand of the network. The paper describes an immune based adaptive distributed network intrusion detection system model; the model employs three types of Agent: predictor Agents are used for sniffing traffic and detect anomalies; assessor Agents weight the prediction of predictor Agents and draw a binary conclusion; manager Agents judge if the prediction from the assessor Agent was right or not, sending him back the results. The model not only can detect intrusions by predictor Agents but also can update the weights automatically and constantly according to the previous performance of each predictor Agent. Then the model improves the ability of detecting intrusions and the adaptability of the system.