
Proceedings Paper

AINIDS: an immune-based network intrusion detection system
Author(s): Qiao Yan; Jianping Yu

Paper Abstract

Intrusion detection can be viewed as a problem of pattern classification. Because intrusion detection has some intrinsic characteristics, such as high-dimensional feature spaces, linear inseparability, and a severe imbalance between normal patterns and anomalous patterns, it is very difficult to detect intrusions directly using classical pattern recognition methods. The natural immune system is a self-adaptive and self-learning classifier, which can accomplish recognition and classification by learning, memory and association. First we use a four-tuple to define the natural immune system and the intrusion detection system, then we give a formal mathematical description of the performance index of an intrusion detection system. Finally we design and develop an immune-based network intrusion detection system, AINIDS, which includes a data collector component, a packet header parser and feature extraction component, an antibody generation and antigen detection component, a co-stimulation and report component, and a rule optimization component. The antibody generation and antigen detection component is the key module of AINIDS. In this component, passive immune antibodies and automatic immune antibodies, the latter comprising memory automatic immune antibodies and fuzzy automatic immune antibodies, are proposed by analogy with the natural immune system. The passive immune antibodies inherit available rules and can detect known intrusions rapidly. The automatic immune antibodies integrate statistical methods with a fuzzy reasoning system to improve detection performance and can discover novel attacks. AINIDS is tested with data that we collected from our LANs and with data from the 1999 DARPA intrusion detection evaluation data sets. Both experiments prove that AINIDS has a good detection rate for old and novel attacks.

Paper Details

Date Published: 18 April 2006
PDF: 9 pages
Proc. SPIE 6241, Data Mining, Intrusion Detection, Information Assurance, and Data Networks Security 2006, 62410U (18 April 2006); doi: 10.1117/12.664752
Qiao Yan, Shenzhen Univ. (China)
Tsinghua Univ. (China)
Jianping Yu, Shenzhen Univ. (China)


Published in SPIE Proceedings Vol. 6241:
Data Mining, Intrusion Detection, Information Assurance, and Data Networks Security 2006
Belur V. Dasarathy, Editor(s)
