Artificial Immune Algorithm Based Intrusion Detection System Research

This thesis focuses on the combination of a set of artificial immune algorithms and their application to intrusion detection. Three evolutionary algorithms are investigated, each based on one process from the human immune system. It is demonstrated that these three algorithms, negative selection, clone selection and gene library evolution, lead to self-organization in the artificial immune intrusion detection system. In addition, the attributes required for effective intrusion detection are analyzed in depth.This thesis makes the following six main contributions. 1) The components of human immune systems that are crucial to the improvement of AIS for intrusion detection are identified. 2) An improved systematic framework for AIS for network intrusion detection is introduced by combining three evolutionary stages: negative selection, clone selection and gene library maintenance. It is demonstrated that this framework can fulfill the role of a network-based intrusion detection system. 3) It is demonstrated that the negative selection algorithm employed for this thesis has a severe scaling problem when applied in a real network environment. 4) It is demonstrated that a static clonally selection algorithm with a negative selection operator achieves efficient niche maintenance and acceptable self-tolerance. 5) A dynamic clonally selection algorithm that combines three evolutionary stages allows the AIS to be adaptable to dynamically changing antigen behaviors. The effect of three parameters on the behavior of the dynamic clonally selection algorithm is analyzed. These parameters are: tolerance period, activation threshold and life span. Satisfactory TP and FP rates are obtained by setting these parameters to appropriate values. 6) It is demonstrated that the extended dynamic selection algorithm which simulates the gene library evolution using hypermutation further advances the performance of AIS.These contributions support the conclusion of this thesis: that an artificial immune model harnessing the three evolutionary stages demonstrates adaptability to continuously changing environments, dynamically learning the fluid patterns of 'self, and detecting new patterns of non-self.