Dynamically Real-time Anomaly Detection Algorithm with Immune Negative Selection

Network anomaly detection has become the promising aspect of intrusion detection. The existing anomaly detection models depict the detection profiles with a static way, which lack good adaptability and interoperability. Furthermore, the detection rate is low, so they are difficult to be deployed the realtime detection under the high-speed network environment. In this paper, the excellent mechanisms of self-learning and adaptability in the human immune system are referred and a dynamic anomaly detection algorithmwith immune negative selection, named as DADAI, is proposed. The concepts and formal definitions of antigen, antibody, and memory cells in the network security domain are given; the dynamic clonal principle of antibody is integrated; the mechanism of immune vaccination is discussed, and the dynamic evolvement formulations of detection profiles are established (including the detection profiles’ dynamic generation and extinction, dynamic learning, dynamic transformation, and dynamic self-organization), which will accomplish that the detection profiles dynamically synchronize with the real network environment. Both our theoretical analysis and experimental results show that DADAI is a good solution to network anomaly detection, which increase the veracity and timeliness on anomaly detection problem.