Intrusion detection systems adapted from agent-based artificial immune systems

Agent-based artificial immune system (ABAIS) is applied to intrusion detection systems (IDS). A multiagent-based IDS (ABIDS) inspired by the danger theory of human immune system is proposed. The intelligence behind ABIDS is based on the functionality of dendritic cells in human immune systems and the danger theory, while dentritic cells agents (DC agent) are emulated for innate immune subsystem and artificial T-cell agents (TC agent) are for adaptive immune subsystem. Antigens are profiles of system calls while corresponding behaviors are regarded as signals. This ABIDS is based on the dual detections of DC agent for signals and TC agent for antigen, where each agent coordinates with other to calculate danger value (DV). ABAIS is an intelligent system with learning and memory capabilities. According to DVs, immune response for malicious behaviors is activated by either computer host or Security Operating Center (SOC). Multiple agents are "embedded" to ABIDS, where agents coordinate one another to calculate mature context antigen value (MCAV) and update activation threshold for security responses. Accordingly, computer hosts met with malicious intrusions can be effectively detected via input signals and temporary output signals such as PAMP, danger and safe signals.