Zhang Yanchao,Que Xirong,Wang Wendong,Cheng Shiduan

DOI: https://doi.org/10.1109/ICII.2001.983489

2001-01-01

Abstract:Network intrusion detection is one of the most popular research topics. Existing network-based intrusion detection systems have drawbacks in many aspects, among of which the two outstanding problems are the high ratio of false alarms and the lack of self-adaptation. An overview of the human immune system is presented and its salient features that can contribute to the design of competent network-based IDS are analyzed. Then a network-based intrusion detection model is described, which is inspired by the human immune system, and its characteristics are analyzed in full

Chun XU,Xiao-jie LIU,Tao LI,Hui ZHAO,Nian LIU,Sun-jun LIU

DOI: https://doi.org/10.3969/j.issn.1009-3087.2007.05.023

2007-01-01

Abstract:A new denial of service intrusion detection model based on the immune danger theory was presented, according to the characteristic of denial of service intrusion. The model and the antibody evolution algorithm were designed and realized. In the model, antigen/antibody was classified by consanguinity, the procedure of antigen ap-optosis and necrosis were defined, and both danger signal and risk of network were calculated. This model can detect denial of service intrusion by the danger signal and risk of network. The results of the experiment showed that the method can not only keep the advantages of self-learning and self-adaptation of intrusion detection based on tradition artificial immune artificial immune, but also decrease the false positive rate by 87.5%.

Zhanfei Ma,Xuefeng Zheng

DOI: https://doi.org/10.1109/wgec.2008.56

2008-01-01

Abstract:Recently network intrusion detection is one of the hottest research topics. Existing network-based Intrusion Detection System (IDS) has drawbacks in many aspects, among of which the two outstanding problems are the high ratio of false alarms and the lack of self-adaptation. The powerful information processing capabilities of the biological immune system, such as feature extraction, pattern recognition, learning, memory, and its distributive multi-layer defence mechanisms provide rich metaphors for designing a computer immune defence system. In this approach, the authors propose a novel multi-layer defence mechanisms based on immunity, which is capable of detecting and identifying both known and unknown intrusions, elaborating a specialized response measure. Besides that, the proposed defence mechanisms have the same learning and adaptive capability of the biological immune system, and so it is able to monitor networked computer's activities at different levels, and to improve its response under subsequent exposures to the same attack. This on-going research effort is not to mimic simply the immunology characteristics but to explore and learn valuable lessons useful for self-adaptive immune intrusion prevention systems.

LIU Nian,LIU Yong,LI Tao,LIU Sun-jun

DOI: https://doi.org/10.3969/j.issn.1002-137x.2010.01.030

2009-01-01

Abstract:In order to change the current passive network security defense situation depending on traditional network security tools,such as firewall,network vulnerability scanning and intrusion detection etc,the artificial immune technology is applied to network security situation awareness.This technology adopts intrusion detection model based on immune to realize the detection of known and unknown intrusion behaviors,and establishes real-time and quantitative network risk evaluation model based on the corresponding relationship between the antibody concentration variation of biological immune system and the intrusion rate of pathogen.During the trend forecast of network security situation,ARMA model based on time series is adopted to make real-time and quantitative analysis and forecast on network security situation and its future trend,in this way,it can reduce the risk of network attack effectively and improve the emergency logistic support ability of network information system.The experiment result shows that this system can adjust network security strategy timely and efficiently,provide overall security guarantee for the system and is a good solution to active network security defense.

YU Feng,WANG Min,ZHAO Jian,GAO Xiang

DOI: https://doi.org/10.3969/j.issn.1000-7180.2006.10.036

2006-01-01

Abstract:The traditional intrusion detection system mostly employs misused detection method or anomaly detection method. Its miss rate and the false positive rate are quite high and its adaptability is less, so it is difficult to meet extensive security demand of the network. The paper describes an immune based adaptive distributed network intrusion detection system model; the model employs three types of Agent: predictor Agents are used for sniffing traffic and detect anomalies; assessor Agents weight the prediction of predictor Agents and draw a binary conclusion; manager Agents judge if the prediction from the assessor Agent was right or not, sending him back the results. The model not only can detect intrusions by predictor Agents but also can update the weights automatically and constantly according to the previous performance of each predictor Agent. Then the model improves the ability of detecting intrusions and the adaptability of the system.

DONG Xiao-mei,YU Ge,XIAO Ke,XIANG Guang

DOI: https://doi.org/10.3969/j.issn.1000-1220.2005.10.013

2005-01-01

Abstract:The problems a computer security system faced and needed to solve is quite similar with those of a biological immune system. Immune based intrusion detection techniques can incorporate the advantages of both anomaly intrusion detection and misuse intrusion detection. In this paper, immune based intrusion detection approaches are studied. The methods of constructing self set and generating valid detectors are researched and improved. A novel valid detector generation algorithm is proposed based on the negative selection mechanism. According to the new algorithm, less valid detectors are needed to detect the abnormal activities in the network. Therefore, the speed of generating valid detectors and intrusion detection is improved. By comparing with those based on existing algorithms, the intrusion detection system based on the new algorithm has higher speed and is accuracy.

Yu-Fang Zhang,Gui-Hua Sun,Zhong-Yang Xiong

DOI: https://doi.org/10.1109/ICMLC.2006.258837

2006-01-01

Abstract:This paper presents a novel method of intrusion detection based on artificial immune system. Adopting the constraint-based detectors and any-r intervals matching rule, a novel solution is presented to encode the antibody-antigen. Some immune related concepts are introduced. In order to accelerate the accessing of the normal IP packets, the self-pattern class is proposed. Using the data sets of KDD CUP1999, the experiment results show that the proposed method can achieve a faster running speed and better detecting rates. It also can adapt to dynamically changing environments

GAO Zhiqiang,HU Xiaoqin

DOI: https://doi.org/10.11772/j.issn.1001-9081.2013.10.2842

2013-01-01

Journal of Computer Applications

Abstract:The system adopted artificial immune theory.Through analyzing the detection results of the traditional realtime intrusion detection system Snort,and according to the characteristic that antibody concentration dynamically changes with the network intrusion intensity,the current risk value of network was calculated to reflect all kinds of attacks and overall risk profile.Snort relies on the rule matching to detect data packets.The detection process does not take into account the current network risk,resulting in the problem of high false positives rate.This system set pass threshold and dropped threshold based on different degree of attack danger to reduce the false alarm rate of Snort,and took pass,alarm,discard packet,etc. as response measures according to the risk value.The experimental results show that the system can calculate the real-time risk faced by the host and network accurately,reduce the false positive rate and take response measures according to risk value effectively.

RF Li,C Wang,XY Tu

DOI: https://doi.org/10.1109/icnsc.2005.1461170

2005-01-01

Abstract:Natural immune system has many features for inspirations to computer security. From this paradigm, a new multi-agent model for network-based intrusion detection system is presented. We briefly summarize the main mechanisms of immunology from information processing perspective and concisely review the related works. Moreover, some mechanisms, including cloning with hyper-mutation, affinity maturation, and stigmergy are incorporated to this new model for network intrusion detection. Its conceptual view and working mechanism are described, and its characteristics, autonomous, robust, adaptable, and lightweight, are discussed.

Ruijuan Zheng,Huiqiang Wang

DOI: https://doi.org/10.1109/IMSCCS.2006.144

2006-01-01

Abstract:The principle and development of bio-inspired Computer Immune System are surveyed. A computer network immune system model intending to remove the three hidden perils of computer security (Intrusion, Virus, Abnormity) .. LAN Immune System Model based on Host(LISMH) is presented. The workflow of virus detection and removal in LISMH are emphasized and its strongpoint comparing to other computer immune system models is discussed. The future work on LISMH is prospected.

Rong Deng,Xiu Yin Zhang

DOI: https://doi.org/10.4028/www.scientific.net/AMR.121-122.482

2010-01-01

Abstract:In this article an Immune Based Intrusion Detection Model (IBIDM) was built to simulate the dynamic relationships between the intrusion antigen intensity and the antibody concentration in the biological immune systems. In IBIDM, traditional detection rules and network traffic patterns are mapped to antibodies and antigens respectively. The network security situation is presented in the form of detector numbers to help reduce false alarm rate. Computer simulations show that the proposed model is effective for intrusion detection.

段丹青,陈松乔,杨卫平

DOI: https://doi.org/10.3969/j.issn.1673-629X.2004.08.036

2004-01-01

Abstract:The concepts of Intrusion Detection System (IDS) has been introduced,and the main weaknesses in current IDS has been pointed out.In order to solve the problems in existing IDS,the artificial immunology is introduced in our network-based IDS.According to the feature of human immune system,a multi-agent network-based intrusion detection system based on artificial immunology has been proposed.The system adopts the distributed architecture based on multi-agent,employs the artificial immune mechanism including negative selection,clonal selection,gene library evolution,associative memory and so on,therefore,the system has the features of adaptability,being distributed,self-recognition and extendibility.

Wenjian Luo,Xianbin Cao,Xufa Wang

DOI: https://doi.org/10.1007/3-540-45600-7_40

2001-01-01

Abstract:Current network intrusion detection systems are of low intelligence level and have the main deficiency as being unable to detect new intrusive behaviors of unknown signatures.The protection mechanism of natural immune system has brought us inspirations to design a novel network intrusion detection system. The research on modeling a NIDS with natural immune system just started, including the negative selection algorithm proposed by S. Forrest and the basic system model proposed by J. Kim. Based on their works, this paper proposed a novel system structure including affinity mutation, which was used to improve the performance of anomaly detection, and established an basic system based on artificial immunology. This paper stressed on the novel construction and testing experiments. Result of the experiments proved that the application of the protection mechanism of natural immune system to network intrusion detection system has an exciting perspective.

XR Yang,JY Shen,R Wang

DOI: https://doi.org/10.1109/icmlc.2002.1176712

2002-01-01

Abstract:A network intrusion detection model based on artificial immune theory is proposed in this paper. In this model, self patterns and non-self patterns are built upon frequent behaviors sequences, then a simple but efficient algorithm for encoding patterns is proposed. Based on the result of encoding, another algorithm for creating detectors is presented, which integrates a negative selection with the clonal selection. The algorithm performance is analyzed, which shows that this method can shrink each generation scale greatly and create a good niche for patterns evolving.

Yan Zhang,Caiming Liu

DOI: https://doi.org/10.1109/cis54983.2021.00059

2021-01-01

Abstract:Biological immune mechanism may resist the invasion of pathogens. Its application in network security research can improve the ability of network security protection. Through simulating the biological immune mechanism, an immune algorithm for network security data detection is designed and implemented in this paper. The variables in the immune environment and the parameter variables required by the system environment are defined to ensure the effective operation of the proposed algorithm. Four sub immune algorithms are designed, which include immune environment initialization, feature extraction, immune evolution and immune detection. They are used to realize the sub processes of network data security detection. The overall algorithm is designed to integrate each sub algorithm, and make the network data feature extraction, immune evolution and immune detection run at the same time through multithreading. The prototype system of the proposed algorithm is programmed and tested. Test results show that the proposed algorithm can effectively simulate the evolution and recognition mechanism of biological immune system, and can detect the security problems in network data in real time.

Almotasem Bellah Alajlouni

DOI: https://doi.org/10.48550/arXiv.1707.07226

2017-07-22

Networking and Internet Architecture

Abstract:The human body has a very effective Immune system used to protect the body from dangerous foreign pathogens. This paper aims at studying the immunology and understanding how it works, it also shaded light on the usage of the immunology principles in the computer network security. It also suggested a new network security model which detects attacks that invades the LANs. This study based on human immune system (IS). This model help protecting the datalink layer by suggesting solution to detect the foreign frames in computer network traffic. In this model, the frame format is changed in a way that prevents the sender from sending his MAC address, and he send a unique identifier (ID) instead. Moreover, a special network switch will replace the sender ID with the corresponding MAC address and forward the packets to their right destination.

MA Zhan-fei,ZHENG Xue-feng

DOI: https://doi.org/10.3969/j.issn.1001-3695.2008.03.072

2008-01-01

Abstract:Drawing the inspiration from biology immune mechanism,a novel distributed agent intrusion detection system(DAIDS) model was given based on its principle and architecture to improve the capability of detection of current network intrusion detection systems.The real-time detection of the host network was realized by the multi-agents collaboration of this model,which had such characteristics as diversity,distributed,self-adaptability,tolerance,dynamic and expansibility,and so on.In the design process,the better algorithm and model based on biological immunity characteristic was discussed.The agent mechanism was considered as a method of communication and monitor,as far as possible few takes the system resource,enhanced the system efficiency,and guaranteed the higher security level.At the same time,a novel intrusion detection opinion was proposed in the network security fields.

CHEN Hui-ming,CHEN Wen,LIANG Gang

DOI: https://doi.org/10.3969/j.issn.1671-0428.2012.10.003

IF: 5.105

2012-01-01

Computers & Security

Abstract:Traditional intrusion detection system faces the defects of huge alarm quantity and high false positives rate.In order to overcome the defects,a network security risk assessment-based intrusion detection method is proposed in this article.The method calculates network security risk uses the latest research results of artificial immune theory,which mainly include that the antibody concentration changes dynamic with strength of invasion.Then dynamicly set the alarm strategy based on real-time security risks faced by the current network.The experimental results show that the model can calculate host and network risk in real time and quantitative,the alarm quantity and the false positives rate is greatly reduced.

Lei Deng,De-yuan Gao

DOI: https://doi.org/10.1109/nswctc.2009.87

2009-01-01

Abstract:Intrusion Detection Systems (IDSs) are increasingly a key part of systems defense. Various approaches to Intrusion Detection are currently being used, but they are relatively ineffective. Recently applying Artificial Intelligence, machine learning and data mining techniques to IDS are increasing. Artificial Intelligence plays a driving role in security services. This paper proposes an Immune based Adaptive Intrusion Detection System Model (IAIDSM). Analyzing the training data obtaining from internet, the self behavior set and nonself behavior set can be obtained by the partitional clustering algorithm, then it extracts Self and nonself pattern sets from these two behavior sets by association rules and sequential patterns mining. The Self and nonself sets can update automatically and constantly online. So IAIDSM improves the ability of detecting new type intrusions and the adaptability of the system.

Tieshan Zhao,Zengzhi Li,Zemin Wang,Xiaofen Lin

DOI: https://doi.org/10.1109/isda.2006.253760

2006-01-01

Abstract:Intrusion detection systems' adaptability and diversity have been researched for long time. With the development of computer immunology, the dynamic clonal selection algorithm is tried to solve the problem. Based on some improved dynamic clonal selection algorithms, an adaptive intrusion detection algorithm is presented in this paper. According to the algorithm, an intrusion detection system is composed of a self-body antigen set, a memorial immunocyte set, a mature immunocyte set and an immature immunocyte set. An immature immunocyte grows into a mature one if it goes through self-tolerance. A mature immunocyte grows into a memorial one if it matches enough non-self-body antigens in limited time and it goes through co-stimulation. A memorial immunocyte doesn't die until it can't go through co-stimulation. Immature immunocytes are generated with clone and hypermutation methods when necessary. The self-body antigen set is renewed during above co-stimulation. Simulation experiments prove that the algorithm have good adaptability and diversity