A New Distributed Intrusion Detection Model Based on Immune Mobile Agent

The development direction of intrusion detection system is intelligent and distributed in future. However, current distributed intrusion detection system mostly uses distributed component to collect data then sent to processing center. Data is analyzed in the processing center. These models have the following problems: bad real time capability, bottleneck, and single point of failure. In order to overcome these shortcomings of current intrusion detection techniques, a new distributed intrusion detection model based on mobile agent is proposed in this paper. Intelligent and mobile characteristics of the agent are used to make computing move to data. As mobile agent can only improve the structure of system and can not supply fundamental new detecting techniques, improved dynamic clonal selection algorithm and collaborative signal mechanism are adopted for reducing false positive rate and increasing detection rate in this paper. Finally, the proposed model and algorithm were simulated by KDDpsila99 datasets. Comparing with winning entry of KDDpsila99 classifier learning contest, the proposed model has low false positive rate and higher detection rate in both Dos and Probing attacks, and greatly higher detection rate in U2R attack. Robustness and dynamic adaptability of the system are validated.