Implementation of dendritic cell algorithm as an anomaly detection method for port scanning attack

One of the problems in the computer security system is port scanning attack. There are several detection systems have been developed to find out the occurrence of port scanning attack, one of them is anomaly detection method. A mechanism on how to implement the detection process in a more simple and effective way is a real serious challenge. In this paper, we design a simple implementation of anomaly detection system based on dendritic cell algorithm, which is the part of danger theory on artificial immunology system. To determine a reviewed process tends to be anomalous, anomaly threshold coefficient is defined. The calculated value of anomaly threshold, 0.4759933 is quite valid and representative in order to determine the nature of anomaly of a process. Based on the test result, Nmap process which has 0.6164136 as the average MCAV value can be classified as an anomaly process within the host computer. Meanwhile, the three other reviewed processed, i.e. Bash, SSH, and SCP always have the average MCAV values below the defined anomaly threshold value, so these can be classified as normal processes.