An efficient proactive artificial immune system based anomaly detection and prevention system

• Self-tuning and detector power is introduced to address improper coverage of NSA.
• Cooperation among agents makes correct identification of anomaly and lower FAR.
• EPAADPS improves anomaly detection and reduces FAR compared to state of art.
• Preventive mechanism identifies and contains novel and zero day attacks.

Artificial Immune System (AIS) is inspired from Biological Immune System (BIS) and demonstrates a lot of interesting facets and intelligence that include self-learning, self adaption, self regulatory, distributed with self/non-self detection capabilities. Due to these astonishing qualities AIS are predominantly used in anomaly detection where anomalies are treated as non-self that needs to be detected. Therefore, AIS appears appropriate for development of a proactive system to identify and prevent novel and unseen anomalies. This paper presents “An Efficient Proactive Artificial Immune System based Anomaly Detection and Prevention System (EPAADPS)” which embodies immune attributes to distinguish self and non-self in quest to identify and prevent novel, unseen anomalies. Negative Selection Algorithm (NSA) is a key AIS concept and is used for anomaly detection in various publications. Despite its relative success, detector selection and thereafter anomaly detection demands a more effective algorithm. This paper put forwards concept of self-tuning of detectors and detector power in NSA with the intension to make a detector evolve and facilitate better and correct self and non-self coverage. Thereafter, agents accompanying detectors collaborate and communicate between themselves to proactively discover correct anomalies and then take appropriate preventive measures. The performance of EPAADPS is contrasted with closely related state of art RNS algorithm using real valued representation and Euclidean distance. Experimental results revels promising EPAADPS performance which very comfortably outperforms the RNS. Furthermore, these results also demonstrate that EPAADPS shows remarkable resilience and intelligence in detecting novel unseen anomalies and with preventive measures to overcome the threat perception.