Document Type

Conference Proceeding

Publication Date



Today's signature-based intrusion detection systems are reactive in nature and storage-limited. Their operation depends upon catching an instance of an intrusion or virus and encoding it into a signature that is stored in their anomaly database, which leaves computer systems with a window of vulnerability during this time. Further, the maximum size of an Internet Protocol-based message requires the database to be huge in order to maintain possible signature combinations. In order to tighten this response cycle within storage constraints, this paper presents an innovative Artificial Immune System-inspired Multiobjective Evolutionary Algorithm. This distributed intrusion detection system (IDS) is intended to measure the vector of tradeoff solutions among detectors with regard to two independent objectives: best classification fitness and optimal hypervolume size. Our antibody detectors promiscuously monitor network traffic for exact and variant abnormal system events based on only the detector's own data structure and the application domain truth set, responding heuristically. Applied to the MIT-DARPA 1999 insider intrusion detection data set, our software-engineered algorithm correctly classifies normal and abnormal events at a high level, which is directly attributed to a detector affinity threshold.


©2007 Association for Computing Machinery.

AFIT Scholar furnishes the accepted draft of this conference paper. The version of record, as published by ACM in the proceedings, is available to subscribers through the DOI link on this page.

Shared in accordance with ACM's green open access policies found at their website.

Source Publication

9th Annual Conference Companion on Genetic and Evolutionary Computation