Avidity-model based clonal selection algorithm for network intrusion detection

To make an immune-inspired network intrusion detection system (IDS) effective, this paper proposes a new framework, which includes our avidity-model based clonal selection (AMCS) algorithm as core element. The AMCS algorithm uses an improved representation for antigens (corresponding to network access patterns) and detectors (corresponding to detection rules). In particular, a bio-inspired technique called gene expression programming (GEP) is integrated with artificial immune system (AIS) in detector representation. In addition, inspired by the avidity model of immunology, this paper also defines new avidity/affinity functions (corresponding to the metric for quantify the interactions between detector and antigens) that take the priorities of attribute into account. Accordingly, the proposed algorithm integrates both negative selection and positive selection with a balance factor k to assign appropriate weights to self and non-self avidity. The well known KDD CUP´99 DATA set is used for performance evaluation. The results show that the intrusion detection based on AMCS provides a higher detection rate of DoS attack, a lower false alarm rate, and a lower detectors generation cost. Our results indicate that breaking the bottleneck of immune-inspired network IDS through adjusting basic elements is feasible and effective.