Immune Mobile Agent and Its Application in Intrusion Detection System

  • Yongzhong LiEmail author
  • Chunwei Jing
  • Jing Xu
Part of the Advances in Intelligent and Soft Computing book series (AINSC, volume 165)


In current distributed intrusion detection systems, the data is collected mostly using distributed component to collect data sent for processing center. Data is analyzed in the processing center. Nevertheless, these models have the following problems: bad real time capability, bottleneck, and single point of failure. In addition, because of the low detecting speed and high false positive rate of traditional intrusion detection system. In order to overcome these shortcomings of current intrusion detection techniques, we have constructed an immune agent by combining immune system with mobile agent. a new distributed intrusion detection model based on mobile agent is proposed in this paper. Intelligent and mobile characteristics of the agent are used to make computing move to data. Analysis shows that the network load can be reduced and the real time capability of the system can be improved with the new model. The system is robust and fault-tolerant. Because mobile agent only can improve the structure of system, dynamic clonal selection algorithm is adopted for reducing false positive rate. The simulation results on KDD99 data set prove that the new model has low false positive rate and high detection rate.


mobile agent immune agent network security distributed intrusion detection 


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    Hunteman, W.: Automated information system – (AIS) alarm system. In: Proc. of the 20th NIST-NCSC National Information Systems Security Conference, pp. 394–405 (1997)Google Scholar
  2. 2.
    Staniford-Chen, S., Cheung, S., Crawford, R., et al.: GrIDS: a graph based intrusion detection system for large networks. In: Proc. of the 19th National Information Systems Security Conference, National Institute of Standards and Technology, vol. 1, pp. 361–370. (1996)Google Scholar
  3. 3.
    Porras, P.A., Neumann, P.G.: EMERALD: event monitoring enabling responses to anomalous live disturbances. In: Proc. of the 20th National Information Systems Security Conference, National Institute of Standards and Technology, p. 13 (1997)Google Scholar
  4. 4.
    Spafford, E.H.: Intrusion detection using autonomous agent. Computer Networks 3(4), 547–570 (2000)CrossRefGoogle Scholar
  5. 5.
    Dasgupta, D., Brian, H.: Mobile security agent for network traffic analysis. In: Proc. of DARPA Information Survivability Conference and Exposition II (DISCEX-II), Anaheium, CA, pp. 332–340 (June 2001)Google Scholar
  6. 6.
    Jansen, W., Mell, P., Karygiannis, T., Marks, D.: Mobile agents in intrusion detection and response. In: Proc. of the 12th Annual Canadian Information Technology Security Symposium, Ottawa, Canada, p. 12 (June 2000)Google Scholar
  7. 7.
    Hofmeyr, S.A., Forrest, S., Somayaji, A.: Intrusion detection using sequences of system calls. Journal of Computer Security 6, 151–180 (1998)Google Scholar
  8. 8.
    Kim, J., Bentley, P.: Towards an artificial immune system for network intrusion detection: an investigation of dynamic clonal selection. In: Proc. of the Congress on Evolutionary Computation, Honolulu, USA, pp. 1015–1020 (2002)Google Scholar
  9. 9.
    Li, Y., Wang, R., Xu, J.: A Novel Distributed Intrusion Detection Model Based on Immune Mobile Agent. In: Proc. of WISA 2009, International Symposium on Web Information Systems and Applications, Nanchang, China (March 2009)Google Scholar
  10. 10.
    Kim, J., Bentley, P., Aickelin, U., et al.: Immune system approaches to intrusion detection- a review. Natural Computting 6, 413–466 (2007)MathSciNetzbMATHCrossRefGoogle Scholar
  11. 11.
    Aickelin, U., Greensmith, J., Twycross, J.: Immune System Approaches to Intrusion Detection – A Review. In: Nicosia, G., Cutello, V., Bentley, P.J., Timmis, J. (eds.) ICARIS 2004. LNCS, vol. 3239, pp. 316–329. Springer, Heidelberg (2004)CrossRefGoogle Scholar
  12. 12.
    Glickman, M., Balthrop, J., Forrest, S.: A machine learning evaluation of an artificial immune system. Evolutionary Computation 13(2), 179–212 (2005)CrossRefGoogle Scholar
  13. 13.
    Gomez, J., Gonzalez, F., Dasgupta, D.: An immune-fuzzy approach to anomaly detection. In: Proc. of the 12th IEEE International Conference on Fuzzy Systems (FUZZIEEE), vol. 2, pp. 1219–1224 (May 2003)Google Scholar
  14. 14.
    Zainal, A., Maarof, M.A., Shamduddin, S.M.: Feature selection using rough set in intrusion detection. In: Proc. IEEE TENCON, p. 4 (2006)Google Scholar
  15. 15.
    Kim, B.J., Kim, I.K.: Kernel based intrusion detection system. In: Proc. IEEE ICIS, p. 6 (2005); Eason, G., Noble, B., Sneddon, I.N.: On certain integrals of Lipschitz-Hankel type involving products of Bessel functions. Phil. Trans. Roy. Soc. London A247, 529–551 (1955)Google Scholar

Copyright information

© Springer-Verlag GmbH Berlin Heidelberg 2012

Authors and Affiliations

  1. 1.School of Computer Science and EngineeringJiangsu University of Science and TechnologyZhenjiangChina
  2. 2.College of Information EngineeringYancheng Institute of TechnologyYanchengChina

Personalised recommendations