• DocumentCode
    589797
  • Title

    Structural TLR algorithm for anomaly detection based on Danger Theory

  • Author

    Nejad, F.S. ; Salkhi, R. ; Azmi, Reza ; Pishgoo, Boshra

  • Author_Institution
    Oper. Syst. Security Lab. (OSSL), Alzahra Univ., Tehran, Iran
  • fYear
    2012
  • fDate
    13-14 Sept. 2012
  • Firstpage
    156
  • Lastpage
    161
  • Abstract
    Artificial Immune Systems (AISs) have long been used in the field of computer security, especially in intrusion detection systems. The first generation of AISs, which is inspired only by the adaptive immune system, has some weak points and suffers from an excessive number of false alarms. The next generation of AISs is inspired by "Danger Theory" and tries to mimic the innate immune system along with the adaptive immune system of the body. Two algorithms, named TLR and DCA, have been proposed in this new area; both try to identify antigens based on a simple identifier. They suffer from low accuracy because they do not take the structure of antigens into account. In this paper we propose an algorithm called STLR (structural TLR), which is an extended form of the TLR algorithm. STLR tries to model the interaction of the adaptive and innate biological immune systems and at the same time considers the structure of the antigens. In this algorithm, each system call represents an antigen whose structure is determined by the system call's arguments and some other parameters. Our experimental results show that, by using the structural aspects of an antigen, STLR can lead to a great increase in the detection rate and accuracy.
  • Keywords
    artificial immune systems; security of data; AIS; DCA; IDS; STLR; adaptive biological immune system; adaptive immune system; anomaly detection; antigens; artificial immune systems; computer security; danger theory; innate biological immune system; innate immune system; intrusion detection systems; structural TLR algorithm; system call arguments; Accuracy; Adaptive systems; Intrusion detection; Lymph nodes; Signal processing algorithms; Training; Anomaly Detection; Antigen Structure; Artificial Immune Systems; Danger Theory;
  • fLanguage
    English
  • Publisher
    ieee
  • Conference_Titel
    Information Security and Cryptology (ISCISC), 2012 9th International ISC Conference on
  • Conference_Location
    Tabriz
  • Print_ISBN
    978-1-4673-2387-1
  • Type

    conf

  • DOI
    10.1109/ISCISC.2012.6408214
  • Filename
    6408214