Multi-agent Artificial Immune System for Network Intrusion Detection and Classification

  • Amira Sayed A. AzizEmail author
  • Sanaa El-Ola Hanafi
  • Aboul Ella Hassanien
Part of the Advances in Intelligent Systems and Computing book series (AISC, volume 299)


A multi-agent artificial immune system for network intrusion detection and classification is proposed and tested in this paper. The multi-layer detection and classification process is proposed to be executed on each agent, for each host in the network. The experiment shows very good results in detection layer, where 90% of anomalies are detected. For the classification layer, 88% of false positives were successfully labeled as normal traffic connections, and 79% of DoS and Probe attacks were labeled correctly. An analysis is given for future work to enhance results for low-presented attacks.


Data Item Intrusion Detection Anomaly Detection Main Agent Detector Agent 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    Dasgupta, D., Yu, S., Nino, F.: Advances in artificial immune systems: Models and applications. Applied Soft Computing 11(2), 1574–1587 (2011)CrossRefGoogle Scholar
  2. 2.
    Aickelin, U., Greensmith, J., Twycross, J.: Immune system approaches to intrusion detection - a review. In: Artificial Immune Systems, pp. 316–329. Springer, Heidelberg (2004)CrossRefGoogle Scholar
  3. 3.
    Khoshgoftaar, T.M., Gao, K., Ibrahim, N.H.: Evaluating indirect and direct classification techniques for network intrusion detection. Intelligent Data Analysis 9(3), 309–326 (2005)Google Scholar
  4. 4.
    Kotsiantis, S.B.: Supervised machine learning: A review of classification techniques. Informatica (03505596) 31(3), 249–268 (2007)zbMATHMathSciNetGoogle Scholar
  5. 5.
    Wozniak, M., Grana, M., Corchado, E.: A survey of multiple classifier systems as hybrid systems. Information Fusion 16, 3–17 (2014)CrossRefGoogle Scholar
  6. 6.
    Calvo-Rolle, J.L., Corchado, E.: A bio-inspired knowledge system for improving combined cycle plant control tuning. Neurocomputing 126, 95–105 (2014)CrossRefGoogle Scholar
  7. 7.
    Zhang, H.: The optimality of naive bayes. In: Proceedings of the FLAIRS Conference, vol. 1, pp. 3–9 (2004)Google Scholar
  8. 8.
    Koc, L., Mazzuchi, T.A., Sarkani, S.: A network intrusion detection system based on a hidden nave bayes multiclass classifier. Original Research Article Expert Systems with Applications 39(18), 13492–13500 (2012)CrossRefGoogle Scholar
  9. 9.
    Shi, H.: Best-first decision tree learning. Phd dissertation, The University of Waikato (2007)Google Scholar
  10. 10.
    Kruegel, C., Tóth, T.: Using decision trees to improve signature-based intrusion detection. In: Vigna, G., Kruegel, C., Jonsson, E. (eds.) RAID 2003. LNCS, vol. 2820, pp. 173–191. Springer, Heidelberg (2003)CrossRefGoogle Scholar
  11. 11.
    Mitchell, T.M.: Machine learning. McGraw Hill (1997) ISBN-10: 0070428077Google Scholar
  12. 12.
    Anderson, J.R.: Machine learning: An artificial intelligence approach. Morgan Kaufmann (1986) ISBN-10: 0934613095Google Scholar
  13. 13.
    Caruana, R., Niculescu-mizil, A.: An empirical comparison of supervised learning algorithms. In: Proceedings of the 23rd International Conference on Machine Learning, pp. 161–168. ACM (2006)Google Scholar
  14. 14.
    Damgaard, C.: Gini coefficient,
  15. 15.
    Aziz, A.S.A., Azar, A.T., Hassanien, A.E., Hanafy, S.E.O.: Continuous features discretization for anomaly intrusion detectors generation. In: Soft Computing in Industrial Applications, pp. 209–221. Springer International Publishing (2014)Google Scholar
  16. 16.
    Aha, D.W., Bankert, R.L.: A comparative evaluation of sequential feature selection algorithms. In: Learning from Data, pp. 199–206. Springer New York (1996)Google Scholar
  17. 17.
    Aziz, A.S.A., Azar, A.T., Hassanien, A.E., Hanafy, S.E.O.: Genetic algorithm with different feature selection techniques for anomaly detectors generation. In: 2013 Federated Conference on Computer Science and Information Systems (FedCSIS), pp. 769–774. IEEE (2013)Google Scholar
  18. 18.
    Weka 3: Data mining software in java,
  19. 19.
    Nsl-kdd intrusion detection data set (March 2009),
  20. 20.
    Kdd cup’99 intrusion detection data set (October 2007),
  21. 21.
    Aziz, A.S.A., Hassanien, A.E., Hanafy, S.E.O., Tolba, M.F.: Multi-layer hybrid machine learning techniques for anomalies detection and classification approach. In: 13th International Conference on Hybrid Intelligent Systems (HIS), pp. 216–221. IEEE (2013)Google Scholar
  22. 22.
    Abdel-Aziz, A.S., Hassanien, A.E., Azar, A.T., Hanafi, S.E.-O.: Machine learning techniques for anomalies detection and classification. In: Awad, A.I., Hassanien, A.E., Baba, K. (eds.) SecNet 2013. CCIS, vol. 381, pp. 219–229. Springer, Heidelberg (2013)CrossRefGoogle Scholar
  23. 23.
    Java agent development framework (December 2013),
  24. 24.
    Bellifemine, F., Poggi, A., Rimassa, G.: Developing multi-agent systems with a fipa-compliant agent framework. Software-Practice and Experience (2001)Google Scholar

Copyright information

© Springer International Publishing Switzerland 2014

Authors and Affiliations

  • Amira Sayed A. Aziz
    • 1
    • 3
    Email author
  • Sanaa El-Ola Hanafi
    • 2
  • Aboul Ella Hassanien
    • 2
    • 3
  1. 1.Université Française d’ÉgypteCairoEgypt
  2. 2.Faculty of Computers and InformationCairo UniversityCairoEgypt
  3. 3.Scientific Research Group in Egypt (SRGE)CairoEgypt

Personalised recommendations