A Hybrid Model for Immune Inspired Network Intrusion Detection

  • Robert L. Fanelli
Part of the Lecture Notes in Computer Science book series (LNCS, volume 5132)


This paper introduces a hybrid model for network intrusion detection that combines artificial immune system methods with conventional information security methods. The Network Threat Recognition with Immune Inspired Anomaly Detection, or NetTRIIAD, model incorporates misuse-based intrusion detection and network monitoring applications into an innate immune capability inspired by the immunological Danger Model. Experimentation on a prototype NetTRIIAD implementation demonstrates improved detection accuracy in comparison with misuse-based intrusion detection. Areas for future investigation and improvement to the model are also discussed.


Intrusion Detection Anomaly Detection Artificial Immune System Network Intrusion Detection Dendritic Cell Algorithm 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    Aickelin, U., Bentley, P., Kim, J., McLeod, J., Cayzer, S.: Danger Theory: The Link between AIS and IDS? In: Timmis, J., Bentley, P.J., Hart, E. (eds.) ICARIS 2003. LNCS, vol. 2787, pp. 147–155. Springer, Heidelberg (2003)Google Scholar
  2. 2.
    Aickelin, U., Cayzer, S.: The Danger Theory and Its Application to Artificial Immune Systems. In: 1st International Conference on Artificial Immune Systems (ICARIS 2002), University of Kent, Canterbury, UK, pp. 141–148 (2002)Google Scholar
  3. 3.
    Beale, J., Caswell, B., Kohlenberg, T., Poor, M.: Snort 2.1 Intrusion Detection. Syngress Publishing, Rockland (2004)Google Scholar
  4. 4.
    Chen, B.C., Yegneswaran, V., Barford, P., Ramakrishnan, R.: Toward a Query Language for Network Attack Data. In: 22nd International Conference on Data Engineering Workshops (ICDEW 2006), pp. 28–36. IEEE Press, New York (2006)CrossRefGoogle Scholar
  5. 5.
    DeCastro, L., Timmis, J.: Artificial Immune Systems: A New Computational Intelligence Approach. Springer, Heidelberg (2002)Google Scholar
  6. 6.
    Deri, L., Suin, S., Maselli, G.: Design and Implementation of an Anomaly Detection System: an Empirical Approach. In: TERENA Network Conference, Zagreb, Croatia (2003)Google Scholar
  7. 7.
    Forrest, S., Hofmeyr, S.A., Somayaji, A.: Computer immunology. Communications of the ACM 40(10), 88–96 (1997)CrossRefGoogle Scholar
  8. 8.
    Galil, Z., Italiano, G.F.: Data structures and algorithms for disjoint set union problems. ACM Computing Surveys 23(3), 319–344 (1991)CrossRefGoogle Scholar
  9. 9.
    Galstad, E.: Nagios Home Page (2007),
  10. 10.
    Greensmith, J., Aickelin, U., Cayzer, S.: Introducing Dendritic Cells as a Novel Immune-Inspired Algorithm for Anomaly Detection. In: Jacob, C., Pilat, M.L., Bentley, P.J., Timmis, J.I. (eds.) ICARIS 2005. LNCS, vol. 3627, pp. 153–167. Springer, Heidelberg (2005)Google Scholar
  11. 11.
    Greensmith, J., Aickelin, U., Twycross, J.: Articulation and Clarification of the Dendritic Cell Algorithm. In: Bersini, H., Carneiro, J. (eds.) ICARIS 2006. LNCS, vol. 4163, pp. 404–417. Springer, Heidelberg (2006)CrossRefGoogle Scholar
  12. 12.
    Greensmith, J., Twycross, J., Aickelin, U.: Dendritic Cells for Anomaly Detection. In: Proceedings of the IEEE Congress on Evolutionary Computation (CEC 2006). IEEE Press, Vancouver (2006)Google Scholar
  13. 13.
    Hofmeyr, S.A., Forrest, S.: Architecture for an Artificial Immune System. IEEE Transactions on Evolutionary Computation 8(4), 443–473 (2000)Google Scholar
  14. 14.
    Kim, J., Bentley, P.: An Artificial Immune Model for Network Intrusion Detection. In: 7th European Congress on Intelligent Techniques and Soft Computing. Aachen (1999)Google Scholar
  15. 15.
    Kim, J., Bentley, P.J.: Towards an Artificial Immune System for Network Intrusion Detection: An Investigation of Dynamic Clonal Selection. In: IEEE Congress on Evolutionary Computation (CEC 2001), pp. 1244–1252. IEEE Press, New York (2002)Google Scholar
  16. 16.
    Kim, J., Bentley, P.J., Aickelin, U., Greensmith, J., Tedesco, G., Twycross, J.: Immune system approaches to intrusion detection – a review. Natural Computing 6(4), 413–466 (2007)zbMATHCrossRefMathSciNetGoogle Scholar
  17. 17.
    Kim, J., Greensmith, J., Twycross, J., Aickelin, U.: Malicious Code Execution Detection and Response Immune System Inspired by the Danger Theory. In: Adaptive and Resilient Computing Security Workshop, Santa Fe, NM (2005)Google Scholar
  18. 18.
    Lippmann, R., Haines, J.W., Fried, D.J., Korba, J., Das, K.: The 1999 DARPA off-line intrusion detection evaluation. Computer Networks 34, 579–595 (2000)CrossRefGoogle Scholar
  19. 19.
    Matzinger, P.: Tolerance, Danger, and the Extended Family. Annual Review of Immunology 12, 991–1045 (1994)Google Scholar
  20. 20.
    Matzinger, P.: The Danger Model in Its Historical Context. Scandanavian Journal of Immunology 54, 4–9 (2001)CrossRefGoogle Scholar
  21. 21.
    Matzinger, P.: The Danger Model: A Renewed Sense of Self. Science 296, 301–305 (2002)CrossRefGoogle Scholar
  22. 22.
    Matzinger, P.: Friendly and dangerous signals: is the tissue in control? Nature Immunology 8(1), 11–13 (2007)CrossRefGoogle Scholar
  23. 23.
    Snort: Snort - The Open Source Network Intrusion Detection System (2007),
  24. 24.
    Stibor, T., Timmis, J., Eckert, C.: On the Appropriateness of Negative Selection Defined Over Hamming Shape-Space as a Network Intrusion Detection System. In: IEEE Congress on Evolutionary Computation (CEC 2005), pp. 995–1002. IEEE Press, New York (2005)CrossRefGoogle Scholar
  25. 25.
    Tedesco, G., Twycross, J., Aickelin, U.: Integrating Innate and Adaptive Immunity for Intrusion Detection. In: Bersini, H., Carneiro, J. (eds.) ICARIS 2006. LNCS, vol. 4163, pp. 193–202. Springer, Heidelberg (2006)CrossRefGoogle Scholar
  26. 26.
    Twycross, J., Aickelin, U.: Towards a Conceptual Framework for Innate Immunity. In: Jacob, C., Pilat, M.L., Bentley, P.J., Timmis, J.I. (eds.) ICARIS 2005. LNCS, vol. 3627, pp. 112–125. Springer, Heidelberg (2005)Google Scholar
  27. 27.
    Twycross, J., Aickelin, U.: Libtissue - Implementing Innate Immunity. In: IEEE Congress on Evolutionary Computation (CEC 2006), pp. 499–506. IEEE Press, New York (2006)CrossRefGoogle Scholar
  28. 28.
    Yegneswaran, V., Barford, P., Ullrich, J.: Internet Intrusions: Global Characteristics and Prevalence. In: ACM SIGMETRICS International Conference on Measurement and Modeling of Computer Systems, pp. 138–147. ACM Press, New York (2003)CrossRefGoogle Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2008

Authors and Affiliations

  • Robert L. Fanelli
    • 1
  1. 1.Department of Information and Computer ScienceUniversity of Hawaii at ManoaHonoluluUSA

Personalised recommendations