Clonal Selection-Based Surveillance Algorithm for Transmission Control Protocol Anomaly Network Behavior

The dynamic nature and complexity of Internet make the surveillance of network behavior more and more difficult. To effectively survey anomaly network behaviors, the clonal selection principle is used to construct a surveillance algorithm for transmission control protocol (TCP) anomaly network behaviors in this paper. In the proposed algorithm, TCP network data are collected. Key features of network data are extracted to be the source data for the surveillance of network behavior. Network feature data are pretreated to create the data set of network operation. Common characteristics of network operations are estimated to create the data set of network behavior. The normal network behavior library and anomaly network behavior library are constructed to provide fundamental training data for the surveillance of network behavior. Essential mechanisms of the clonal selection principle are simulated. The data sets of monitor are defined. Three stages of dynamic evolution of monitors are simulated. The match method for monitor and network behavior are constructed to recognize different kinds of anomaly network behavior to survey TCP anomaly network behaviors.