A novel immune detector training method for network anomaly detection

The artificial immune system and network anomaly detection system are developed with common goals and principles considered. Moreover, artificial immune-based network anomaly detection can adaptively learn and dynamically detect threats. However, existing immune recognition algorithms suffer from the curse of dimensionality, hole problems, and detector inefficiency tolerance. In this paper, we proposed a novel immune detector training mechanism for network anomaly detection. First, a hybrid filter embedded feature selection algorithm is designed to comprehensively evaluate features and select the optimal subset. Then, candidate detectors are generated based on self antigens, and the nonself region is represented using complementary space to circumvent the hole problem. Finally, considering the training efficiency during the evolution of the candidate detectors, an antigen clustering feature tree is constructed to rapidly index the tolerance objects. Furthermore, the algorithm considers the effect of the collaboration of multiple mature detectors on candidate detectors, and a Monte Carlo-based coverage estimation algorithm is designed to achieve more accurate and fine-grained maturation tolerance of candidate detectors. The theoretical analysis shows that the time complexity of our algorithm is significantly reduced. The experimental results show that our algorithm not only improves the detection accuracy but also reduces the time cost of detector training.