A new classification process for network anomaly detection based on negative selection mechanism

Abstract

Attacks on computer networks have become a major threat due to the extensive use of internet in daily life. These attacks lead, mostly in huge financial losses and massive sensitive data leaks. Intrusion Detection Systems (IDS) are one of the security tools widely deployed in network architectures in order to monitor, to detect and eventually respond to any suspicious activity in the network. We propose in this paper a new approach for Network Anomaly Detection based on Negative Selection process (NADNS). The Negative Selection (NS) process in the biological point of view is the principle of discriminating between self-cells and non-self-cells which is highly consistent with the classification problem (normal/anomaly) in intrusion detection. Based on a reduced dataset with a filter-based feature selection technique, NADNS generates a set of detectors (Antibodies) and uses them to classify events (instances) as anomaly or normal. The accuracy of NADNS is tested with two intrusion detection datasets: NSL-KDD and Kyoto2006+. The comparative results with another Immune System-based algorithm namely CLONALG show that NADNS outperform CLONALG regarding the detection rate, the False Positive rate and f-measure.