Distributed Network Intrusion Detection Systems: An Artificial Immune System Approach

Intrusion detection is the identification of unauthorized use, misuse, and abuse of computer system infrastructures by both system insiders and external intruders. Detecting intrusion in distributed network from outside network segment as well as from inside is a difficult problem. Network based Intrusion Detection System (NIDS) must analyze a large volume of data while not placing a significant added load on the monitoring systems and networks. This paper presents a framework for a distributed network intrusion detection system (dNIDS) based on the artificial immune system concept. In this framework, an adaptive immune mechanism through unsupervised machine learning methods is proposed to classify network traffic into either normal ("self") and suspicious profiles ("non-self") respectively. Experimentally, our approach distributes the NIDS among all connected network segments, allowing NIDS in each segment to identify potential threats individually and enabling the sharing of identified threat vectors between the communicating distributed NIDSs. Analysis of the technique for distribution of this information about threat vectors is presented.