Intrusion detection oriented distributed negative selection algorithm

The negative selection algorithm proposed by Forrest et al. (1994) is a very significant change detection algorithm based on the generation process of T-Cells process in biological system. But when negative selection algorithm is used in distributed intrusion detection, the first problem that we meet is how to distribute the detectors in all detection workstations. To resolve this problem, this paper proposed a novel distributed negative selection algorithm based on the original negative selection algorithm. The core of this distributed negative selection algorithm is the distributing strategy. Two kinds of distributing strategies, random distributing strategy and greedy distributing strategy are given. Then we compared the performance of random distributing strategy and greedy distributing strategy. The experimental results show that: (1) distributed negative selection algorithm can avoid the problem of single point failure, when a part of detection workstations fails, the detection rate does not descend quickly; and (2) when some detection workstations fail, greedy distributing strategy can maintain better detection rate than random distributing strategy.