Multi Agent Based Intrusion Detection System using Artificial Immune System for Distributed Network

Abstract

To enhance the ability of intrusion detection system (IDS) with detection accuracy and low false positive rate, artificial immune system (AIS) based multi agent IDS is proposed that is inspired by human immune system (HIS). Presented IDS is designed four new algorithms these are mobile agent cloning algorithm, attribute selection algorithm based on danger theory which is filtering unnecessary attributes and giving most appropriate attributes for intrusion detection, detection algorithm based on negative selection technique is the prime algorithm which is detecting intrusions and rule algorithm is the simple and initial level algorithm to find normality or abnormality in the captured packet. Proposed IDS is the combination of misuse and anomaly IDS where architecture is the client server cum distributed IDS architecture. Proposed IDS reducing work load of network administrator and overcome network latency through automation and dynamic adaptation of mobile agent which is implement clonal selection concept of AIS. Proposed IDS is increasing efficiency and detection accuracy by using negative selection concept of AIS to design rule agent and informative agent. Another concept of AIS is danger theory is used to design packet capture & extract packet agent which is support to reduce execution time and improve efficiency. Database agent is used to maintain or update database (training, testing) dynamically during novel information identified. Finally alert agent responded to client host after intrusion detected for further action. These entire agents are the primary and most influential performer of the proposed IDS. Presented IDS identify and focused on most appropriate 13 attributes out of 41 of a packet to detect intrusion and proved that intrusion detection accuracy and intrusion detection rate increased with 0.2% and 0.1% respectively and reduce false positive rate with 0.5%.