An Intrusion Detection Method Based on Changes of Antibody Concentration in Immune Response

Although the research of immune-based anomaly detection technology has made some progress, there are still some defects which have not been solved, such as the loophole problem which leads to low detection rate and high false alarm rate, the exponential relationship between training cost of mature detectors and size of selfantigens. This paper proposed an intrusion detection method based on changes of antibody concentration in immune response to improve and solve existing problems of immune based anomaly detection technology. The method introduces blood relative and blood family to classify antibodies and antigens and simulate correlations between antibodies and antigens. Then, the method establishes dynamic evolution models of antigens and antibodies in intrusion detection. In addition, the method determines concentration changes of antibodies in the immune system drawing the experience of cloud model, and divides the risk levels to guide immune responses. Experimental results show that the method has better detection performance and adaptability than traditional methods.

[1]  LiDeyi,et al.  Study on the Universality of the Normal Cloud Model , 2005 .

[2]  Alan S. Perelson,et al.  Self-nonself discrimination in a computer , 1994, Proceedings of 1994 IEEE Computer Society Symposium on Research in Security and Privacy.

[3]  Dipankar Dasgupta,et al.  Artificial immune systems in industrial applications , 1999, Proceedings of the Second International Conference on Intelligent Processing and Manufacturing of Materials. IPMM'99 (Cat. No.99EX296).

[4]  Uwe Aickelin,et al.  Danger Theory: The Link between AIS and IDS? , 2003, ICARIS.

[5]  Peter J. Bentley,et al.  Towards an artificial immune system for network intrusion detection: an investigation of dynamic clonal selection , 2002, Proceedings of the 2002 Congress on Evolutionary Computation. CEC'02 (Cat. No.02TH8600).

[6]  Stephanie Forrest,et al.  Architecture for an Artificial Immune System , 2000, Evolutionary Computation.

[7]  Julie Greensmith,et al.  Immune System Approaches to Intrusion Detection - A Review , 2004, ICARIS.

[8]  Stephanie Forrest,et al.  Immunity by design: an artificial immune system , 1999 .

[9]  Jonathan Timmis,et al.  Artificial immune systems as a novel soft computing paradigm , 2003, Soft Comput..

[10]  Gregg H. Gunsch,et al.  An artificial immune system architecture for computer security applications , 2002, IEEE Trans. Evol. Comput..

[11]  Jason Shifflet A TECHNIQUE INDEPENDENT FUSION MODEL FOR NETWORK INTRUSION DETECTION , 2005 .

[12]  Kevin P. Anchor,et al.  CDIS: Towards a Computer Immune System for Detecting Network Intrusions , 2001, Recent Advances in Intrusion Detection.