A Novel Intrusion Detection Model Based on Danger Theory

As the traditional negative selection, clonal selection algorithms predefine one part of antigens to be self (the training set) in intrusion detection applications, but in practice the self is difficult to define and can change over time. With the change of the self, error detection rate increases sharply. A recently developed hypothesis in immunology, the Danger Theory, states that our immune system responds to the presence of intruders through sensing molecules belonging to those invaders, plus signals generated by the host indicating danger and damage. Integrating the ldquoDanger Theoryrdquo, negative selection and immune memory, the paper proposes a novel artificial immune model for intrusion detection. The paper considers the coordination of DCs in the innate immune system and T cells in the adaptive immune system. At the same time the paper focuses on how to define ldquodanger signalsrdquo and considers whether to have a danger to the protected system as the basis of defining ldquoself-nonselfrdquo, in which the self is dynamically updated. The theory analysis shows that the dynamic self can improve the problem of error detection rate increasing sharply, and the dual detection method of DCs detecting the behaviors of antigens and T cells detecting the antigens can also significantly decrease error detection rate.