An Immunity-Based Dynamic Multilayer Intrusion Detection System

  • Gang Liang
  • Tao Li
  • Jiancheng Ni
  • Yaping Jiang
  • Jin Yang
  • Xun Gong
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 4115)


A real computer network produces new network traffic continuously in real time, thus the normal behaviors of network traffic are different in different time, but the self set of current network detection systems based on immunity are static. If the network environments change, the false negative rates and false positive rates will increase rapidly. So the traditional method can not adapt to changing network environments. In order to get over the limitation of the traditional means, an immunity-based dynamic intrusion detection system is proposed in this paper. In the proposed model, a dynamic renewal process of self set is described in detail. In addition, we establish a new set to improve the detection precision and shorten the training phase by adding the characters of the current known attacks to memory cell set. The experimental results show that the new model not only reduces the false negative rates and false positive rates effectively but also has the feature to adapt to continuous changing network environments.


Intrusion Detection Internet Protocol Anomaly Detection Intrusion Detection System Artificial Immune System 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    Steven, A.H.: An Immunological Model of Distributed Detection and Its Application to Computer Security. USA, University of New Mexico (1999)Google Scholar
  2. 2.
    Li, T.: Computer Immunology. Publishing House of Electronics Industry, Beijing (2004)Google Scholar
  3. 3.
    Jonathan, I.T.: Artificial Immune System:A Ovel Data Analysis Technique Inspired by The Immune Network Theory. University of Wales, Wales (2001)Google Scholar
  4. 4.
    Kim, J.W., Bentley, P.J.: Towards An Artificial Immune System for Network Intrusion Detection. The Congress on Evolutionary Computation, Honolulu, 1015–1020 (2002)Google Scholar
  5. 5.
    Kim, J.W., Bentley, P.J.: Immune Memory in the Dynamic Clonal Selection Algorithm. In: Proceedings of the First International Conference on Artificial Immune Systems (ICARIS), Canterbury, pp. 57–65 (2002)Google Scholar
  6. 6.
    Inoue, H., Forrest, S.: Anomaly Intrusion Detection in Dynamic Execution Environments. In: New Security Paradigms Workshops (2002)Google Scholar
  7. 7.
    Li, T.: Idid: An Immunity-Based Dynamic Intrusion Detection Model. Science in china, 1912–1919 (2005)Google Scholar
  8. 8.
    Esponda, F., Forrest, S., Helman, P.: A Formal Framework for Positive and Negative Detection. IEEE Transactions on Systems, Man, and Cybernetics 34, 357–373 (2004)CrossRefGoogle Scholar
  9. 9.
    Esponda, F., Forrest, S., Helman, P.: Positive and Negative Detection. IEEE Transactions on Systems, Man and Cybernetics (2002)Google Scholar
  10. 10.
    Hofmeyr, S., Forrest, S.: Architecture for an Artificial Immune System. In: Evolutionary Computation, vol. 7(1), pp. 1289–1296. Morgan-Kaufmann, San Francisco (2000)Google Scholar
  11. 11.
    Kim, J.W.: Integrating Artificial Immune Algorithms for Intrusion Detection, PhD Thesis, Department of Computer Science, University College London (2002)Google Scholar
  12. 12.
    Chao, D.L., Davenport, M.P., Forrest, S., Perelson, A.S.: Stochastic Stage-Structured.: Modeling of the Adaptive Immune System. In: Proceedings of the IEEE Computer Society Bioinformatics Conference, pp. 124–131 (2003)Google Scholar
  13. 13.
    Li, T.: A New Model for Dynamic Intrusion Detection. LNCS, pp. 72–84. Springer, Berlin, Heidelberg, New York (2005)Google Scholar
  14. 14.
    Li, T.: An Immune Based Dynamic Intrusion Detection Model. Chinese Science Bulletin, 2650–2657 (2005)Google Scholar
  15. 15.
    Li, T.: An Immunity Based Network Security Risk Estimation. Science in China Ser. F Information Sciences, 557–578 (2005)Google Scholar
  16. 16.
    Li, T.: An Immune-Based Model for Computer Virus Detection. LNCS, pp. 59–71. Springer, Berlin, Heidelberg, New York (2005)Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2006

Authors and Affiliations

  • Gang Liang
    • 1
  • Tao Li
    • 1
  • Jiancheng Ni
    • 1
  • Yaping Jiang
    • 1
  • Jin Yang
    • 1
  • Xun Gong
    • 1
  1. 1.Department of Computer ScienceSichuan UniversityChengduChina

Personalised recommendations