Applying the danger model to design an intrusion detection system

For many years, the classic self-nonself (SNS) discrimination models have served security experts to build intrusion detection systems (IDSs). However, the recently accumulative evidences have shown that not only can not the SNS models explain a number of documented phenomena, such as transplantation, tumor and autoimmunity in the context of immunology, but also they aren't able to overcome the scaling problems when in face of tremendous network traffic in terms of computer security. In this paper, a novel artificial immune system inspired by danger theory (DT) is proposed for the purposes of detecting intrusion. We have made the best use of the antigen presenting cells (APCs) to analyze endogenous signals, and harnessed the pattern recognition receptors (PRRs) for the recognition of exogenous signals. Based on the two types of signals, we establish a dynamic detection algorithm to gear to the complex network environment, improving the false positive and false negative.