Detecting Danger: The Dendritic Cell Algorithm

TL;DR

The paper introduces the Dendritic Cell Algorithm (DCA), inspired by the immune system, for intrusion detection, demonstrating effective detection of port scans and botnets with low false positives.

Contribution

It develops an abstract model of dendritic cell behavior and creates a novel algorithm for intrusion detection based on immunological principles.

Findings

Effective detection of port scans and botnets

Low false positive rates in intrusion detection

Collaborative development with immunologists

Abstract

The Dendritic Cell Algorithm (DCA) is inspired by the function of the dendritic cells of the human immune system. In nature, dendritic cells are the intrusion detection agents of the human body, policing the tissue and organs for potential invaders in the form of pathogens. In this research, and abstract model of DC behaviour is developed and subsequently used to form an algorithm, the DCA. The abstraction process was facilitated through close collaboration with laboratory- based immunologists, who performed bespoke experiments, the results of which are used as an integral part of this algorithm. The DCA is a population based algorithm, with each agent in the system represented as an 'artificial DC'. Each DC has the ability to combine multiple data streams and can add context to data suspected as anomalous. In this chapter the abstraction process and details of the resultant algorithm are given. The algorithm is applied to numerous intrusion detection problems in computer security including the detection of port scans and botnets, where it has produced impressive results with relatively low rates of false positives.