A Three-Level-Module Adaptive Intrusion Detection System

Based on the Danger theory, the immune network theory and the decision templates fusion algorithm, a three-level-module adaptive intrusion detection system (TAIDS) is presented in this paper. To consider the effect of danger signals, the results of decision templates algorithm are redefined by adding a kind of suspicion signal. So, the detection templates should be modified online, and a template-adjustable adaptive decision fusion algorithm is proposed. There are two benefits in the TAIDS. First, when it is difficult to distinguish current behaviors depending on familiar features, The TAIDS will discriminate them by means of danger theory, making false alarms reduced and the ability of identifying novel attacks enhanced. Second, the adaptive decision templates algorithm allows detection templates to modify dynamically without periodical updating. Experiments are carried out on KDD-CUP-99 database to verify the performance of this system. The false positive rate is 2.27%,and the accuracies on known attacks and on unknown attacks are respectively 97.67% and 98.75%.