A novel intrusion detection approach learned from the change of antibody concentration in biological immune response

Authors:
Jie Zeng;Xiaojie Liu;Tao Li;Guiyang Li;Haibo Li;Jinquan Zeng
Affiliations:
Department of Computer Science, Sichuan University, Chengdu, China;Department of Computer Science, Sichuan University, Chengdu, China;Department of Computer Science, Sichuan University, Chengdu, China;Department of Computer Science, Sichuan University, Chengdu, China;Department of Computer Science, Sichuan University, Chengdu, China;School of Computer Science and Engineering, University of Electronic Science and Technology of China, Chengdu, China
Venue:
Applied Intelligence
Year:
2011

Citing 7
Cited 3

Computer immunology

Communications of the ACM
Self-Nonself Discrimination in a Computer

SP '94 Proceedings of the 1994 IEEE Symposium on Security and Privacy
Towards an artificial immune system for network intrusion detection: an investigation of dynamic clonal selection

CEC '02 Proceedings of the Evolutionary Computation on 2002. CEC '02. Proceedings of the 2002 Congress - Volume 02
Bayes Optimality in Linear Discriminant Analysis

IEEE Transactions on Pattern Analysis and Machine Intelligence
A hybrid intrusion detection system design for computer network security

Computers and Electrical Engineering
A simple and efficient hidden Markov model scheme for host- based anomaly intrusion detection

IEEE Network: The Magazine of Global Internetworking - Special issue title on recent developments in network intrusion detection
AdaBoost-Based Algorithm for Network Intrusion Detection

IEEE Transactions on Systems, Man, and Cybernetics, Part B: Cybernetics

A cascaded classifier approach for improving detection rates on rare attack categories in network intrusion detection

Applied Intelligence
An intrusion detection and alert correlation approach based on revising probabilistic classifiers using expert knowledge

Applied Intelligence
A distance sum-based hybrid method for intrusion detection

Applied Intelligence

Quantified Score

Hi-index	0.00

Visualization

Abstract

Inspired by the relationship between the antibody concentration and the intrusion network traffic pattern intensity, we present a Novel Intrusion Detection Approach learned from the change of Antibody Concentration in biological immune response (NIDAAC) to reduce false alarm rate without affecting detection rate. In NIDAAC, the concepts and formal definitions of self, nonself, antibody, antigen and detector in the intrusion detection domain are given. Then, in initial IDS, new detectors are generated from the gene library and tested by the negative selection. In every effective IDS node, according to the intrusion network traffic pattern intensity, the change of antibody number is recorded from the process of clone proliferation based on the detector evolution. Finally, building upon the above works, a probabilistic calculation model for intrusion alarm production, which is based on the correlation between the antibody concentration and the intrusion network traffic pattern intensity, is proposed. Compared with Naive Bayes (NB), Multilevel Classifier (AdaBoost) and Hidden Markov Model (HMM), the false alarm rate of NIDAAC is reduced by 8.66%, 4.93% and 6.36%, respectively. Our theoretical analysis and experimental results show that NIDAAC has a better performance than previous approaches.