Abstract
Inspired by the relationship between the antibody concentration and the intrusion network traffic pattern intensity, we present a Novel Intrusion Detection Approach learned from the change of Antibody Concentration in biological immune response (NIDAAC) to reduce false alarm rate without affecting detection rate. In NIDAAC, the concepts and formal definitions of self, nonself, antibody, antigen and detector in the intrusion detection domain are given. Then, in initial IDS, new detectors are generated from the gene library and tested by the negative selection. In every effective IDS node, according to the intrusion network traffic pattern intensity, the change of antibody number is recorded from the process of clone proliferation based on the detector evolution. Finally, building upon the above works, a probabilistic calculation model for intrusion alarm production, which is based on the correlation between the antibody concentration and the intrusion network traffic pattern intensity, is proposed. Compared with Naive Bayes (NB), Multilevel Classifier (AdaBoost) and Hidden Markov Model (HMM), the false alarm rate of NIDAAC is reduced by 8.66%, 4.93% and 6.36%, respectively. Our theoretical analysis and experimental results show that NIDAAC has a better performance than previous approaches.
Similar content being viewed by others
References
Li T (2005) An introduction to computer network security. Publishing House of Electronics Industry, Beijing
Kemmerer RA, Vigna G (2005) HI-DRA: Intrusion detection for Internet security. Proc. IEEE 93(10):1848–1857
Hamsici OC, Martinez AM (2008) Bayes optimality in linear discriminant analysis. IEEE Trans Pattern Anal Mach Intell 30(4):647–657
Hu WM, Hu W, Maybank S (2008) Adaboost-based algorithm for network intrusion detection. IEEE Trans Syst Man Cybern Part B—Cybern 38(2):577–583
Hu JK, Yu XH, Qiu D (2009) A simple and efficient hidden Markov model scheme for host-based anomaly intrusion detection. IEEE Netw 37(2):373–384
Forrest S, Hofmeyr SA (1997) Computer immunology. Commun ACM 40(10):88–96
Li T (2004) Computer immunology. Publishing House of Electronics Industry, Beijing
Forrest S, Perelson AS (1994) Self-nonself discrimination in a computer. In: Proceedings of IEEE international symposium on security and privacy, Oakland, pp 202–212
Kim J, Bentley P (2002) Towards an artificial immune system for network intrusion detection: an investigation of dynamic clonal selection. In: Proceedings of IEEE congress on evolutionary computation, Honolulu, pp 1015–1020
Li T (2005) An immune based dynamic intrusion detection model. Chin Sci Bull 50(22):2650–2657
Mullighan CG, Philips LA, Su XP (2008) Genomic analysis of the clonal origins of relapsed acute lymphoblastic leukemia. Science 322(5906):1377–1380
Burnet FM (1959) The clonal selection theory of acquired immunity. Cambridge University Press, New York
Han BR, Herrin BR, Cooper MD (2008) Antigen recognition by variable lymphocyte receptors. Science 321(5897):1834–1837
Wrammert J, Smith K, Miller J (2008) Rapid cloning of high affinity human monoclonal antibodies against influenza virus. Nature 453(7195):667–672
Jerne NK (1974) Towards a network theory of the immune system. Ann Immunol (Inst Pasteur) 125C:373–389
Lee KH, Holdorf AD, Dustin ML (2002) T cell receptor signaling precedes immunological synapse formation. Science 295(5559):1539–1542
Kim J (2002) Integrating artificial immune algorithms for intrusion detection. Dissertation, University of London
Perelson AS, Weisbuch G (1997) Immunology for physicists. Rev Mod Phys 69(4):1219–1267
Li T (2008) Dynamic detection for computer virus based on immune system. Sci China Ser F 51(10):1475–1486
Aydin MA, Zaim AH, Ceylan KG (2009) A hybrid intrusion detection system design for computer network security. Comput Electr Eng 35(3):517–526
Author information
Authors and Affiliations
Corresponding author
Rights and permissions
About this article
Cite this article
Zeng, J., Liu, X., Li, T. et al. A novel intrusion detection approach learned from the change of antibody concentration in biological immune response. Appl Intell 35, 41–62 (2011). https://doi.org/10.1007/s10489-009-0202-y
Published:
Issue Date:
DOI: https://doi.org/10.1007/s10489-009-0202-y