文献类型：期刊文献

英文题名：Dynamically Real-time Anomaly Detection Algorithm with Immune Negative Selection

作者：Peng, Lingxi[1];Chen, Wenbin[1];Xie, Dongqing[1];Gao, Ying[1];Liang, Chunlin[2]

机构：[1]Guangzhou Univ, Dept Comp & Educ Software, Guangzhou 510006, Guangdong, Peoples R China;[2]Guangdong Ocean Univ, Sch Informat, Zhanjiang 524088, Peoples R China

年份：2013

卷号：7

期号：3

起止页码：1157

外文期刊名：APPLIED MATHEMATICS & INFORMATION SCIENCES

收录：SCI-EXPANDED(收录号：WOS:000317461000038)、、WOS

基金：The authors acknowledge the financial support of the National Natural Science Foundation of China under Grant No. 61100150 and No. 11271097, and the Natural Science Foundation of Guangdong Province of China under Grant No. S2011040004528, No. S2011040004121 and No. S2011040003843.

语种：英文

外文关键词：Artificial immune; network anomaly detection; negative selection; intelligent system

外文摘要：Network anomaly detection has become the promising aspect of intrusion detection. The existing anomaly detection models depict the detection profiles with a static way, which lack good adaptability and interoperability. Furthermore, the detection rate is low, so they are difficult to be deployed the realtime detection under the high-speed network environment. In this paper, the excellent mechanisms of self-learning and adaptability in the human immune system are referred and a dynamic anomaly detection algorithm with immune negative selection, named as DADAI, is proposed. The concepts and formal definitions of antigen, antibody, and memory cells in the network security domain are given; the dynamic clonal principle of antibody is integrated; the mechanism of immune vaccination is discussed, and the dynamic evolvement formulations of detection profiles are established (including the detection profiles' dynamic generation and extinction, dynamic learning, dynamic transformation, and dynamic self-organization), which will accomplish that the detection profiles dynamically synchronize with the real network environment. Both our theoretical analysis and experimental results show that DADAI is a good solution to network anomaly detection, which increase the veracity and timeliness on anomaly detection problem.