Abstract
This paper proposes an immunity-based anomaly detection system for network traffic. The system is inspired by the specificity and diversity of the immune system; the system has a user-specific agent for every user, and diverse agents make a decision whether network traffic is normal or abnormal. The system makes use of multiple user profiles, which account for normal user traffic, while conventional anomaly detections have used only the single user profile. The use of multiple profiles leads to an improvement in detection accuracy. In addition, this paper proposes an evaluation framework for the immunity-based anomaly detection system. The evaluation framework is capable of evaluating the differences in detection accuracy between internal and external anomalies. In experiments, the immunity-based method outperformed the conventional method. For internal masquerader detection, the average false acceptance rate was 11.21% with no false alarms. For virus detection, four random-scanning worms and the simulated metaserver worm were detected with no false acceptances and no false alarms, while a simulated passive worm was successfully detected on some of accounts.
Sign-in/Register to access full text options 
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Schedule a callMore From: International Journal of Knowledge-based and Intelligent Engineering Systems
Disclaimer: All third-party content on this website/platform is and will remain the property of their respective owners and is provided on "as is" basis without any warranties, express or implied. Use of third-party content does not indicate any affiliation, sponsorship with or endorsement by them. Any references to third-party content is to identify the corresponding services and shall be considered fair use under The CopyrightLaw.
