A nature inspired anomaly detection system using multiple detection engines

The rapid growth of computer networks presents challenges to the single detection engine based system, which has been insufficient in meeting end-users´ requirements in the large-scale distributed complex network. In this paper, multiple detection engines with multi-layered intrusion detection mechanisms are proposed. The principle is to coordinate the results from each single-engine intrusion alert system, by seamlessly integrating with the multiple layered distributed service-oriented structure. An improved hidden Markov model (HMM) is created for the detection engine which is capable of the immunology-based self/nonself discrimination. The classifications of normal and abnormal behaviour of system calls are further examined by an advanced fuzzy-based inference process called HPSOWM. Considering a real benchmark dataset from the public domain, our experimental results show that the proposed scheme can greatly shorten the training time of HMM and reduce the false positive rate significantly. The proposed HPSOWM especially works for the efficient classification of unknown behaviors and malicious attacks.