Anomaly detection in TCP/IP networks using immune systems paradigm

The paper presents an architecture of an anomaly detection system based on the paradigm of artificial immune systems (AISs). Incoming network traffic data are considered by the system as signatures of potential attackers by mapping them into antigens of AISs either using some parameters of network traffic or headers of selected TCP/IP protocols. A number of methods of generation of antibodies (anomaly detectors) were implemented. The way of anomaly detection depends on the method of antibodies generation. The paper presents results of an experimental study performed with use of real data and shows how the performance of the anomaly detection system depends on traffic data coding and methods of generation of detectors.