Framework of an immunity-based anomaly detection system for user behavior

This paper focuses on anomaly detection in user behavior. We present a review of our immunity-based anomaly detection system, and propose a framework of the immunity-based anomaly detection system with a new mechanism of diversity generation. In the framework, each computer on a LAN generates diverse agents, and the agents generated on each computer are shared with all other computers on the LAN. The sharing of agents contributes to their diversity. In addition, We propose an evaluation framework of immunity-based anomaly detection, which is capable of evaluating the differences in detection accuracy between internal and external malicious users.