Positive Selection-Inspired Anomaly Detection Model with Artificial Immune

Network anomaly detection has become the promising aspect of intrusion detection. The existing anomaly detection models depict the detection profiles with a static way, which lack good adaptability and interoperability. Furthermore, the detection rate is low, so they are difficult to implement the real-time detection under the high-speed network environment. In this paper, the excellent mechanisms of self-learning and adaptability in the human immune system are referred and a dynamic anomaly detection algorithm with immune positive selection, named as RAIM, is proposed. In RAIM, the concepts and formal definitions of antigen, antibody, and memory cells in the network security domain are given, the dynamic clonal principle of antibody is integrated, the mechanism of immune vaccination is discussed, and the dynamic evolvement formulations of detection profiles are established (including the detection profiles´ dynamic generation and extinction, dynamic learning, dynamic transformation, and dynamic self-organization), which will accomplish that the detection profiles dynamically synchronize with the real network environment. Our theoretical analysis shows that RAIM is a good solution to network anomaly detection, which increases the veracity and timeliness on anomaly detection.