Host-based intrusion detection systems adapted from agent-based artificial immune systems

Agent-based artificial immune system (ABAIS) is adopted to intrusion detection system (IDS). An agent-based IDS (ABIDS) inspired by the danger theory of human immune system is proposed. Multiple agents are embedded to ABIDS, where agents coordinate one another to calculate mature context antigen value (MCAV) and update activation threshold for security responses. The intelligence behind ABIDS is based on the danger theory and the functionalities of dendritic cells in human immune systems, while dendritic cells agents (DC agent) are emulated for innate immune subsystem and artificial T-cell agents (TC agent) are for adaptive immune subsystem. Antigens are profiles of system calls while corresponding behaviors are regarded as signals. This ABIDS is based on the dual detections of DC agents for signals and TC agents for antigens. ABAIS is an intelligent system with learning and memory capabilities. According to MCAVs, immune response to malicious behaviors is activated by either computer host or Security Operating Center. Accordingly, computer hosts met with malicious intrusions can be effectively detected by input signals and temporary output signals such as PAMP, danger and safe signals. (C) 2012 Elsevier B.V. All rights reserved.