A New Intrusion Detection System using the Improved Dendritic Cell Algorithm

TL;DR

This paper introduces an improved Dendritic Cell Algorithm for network intrusion detection, emphasizing biologically inspired data sampling and adaptive thresholds, resulting in better detection performance on the UNSW-NB15 dataset.

Contribution

It proposes a novel immune-inspired sampling strategy and adaptive migration threshold for the DCA, enhancing its effectiveness in intrusion detection tasks.

Findings

Higher capability of intrusion detection (CID) compared to standard DCA

Outperforms other methods on the UNSW-NB15 dataset

Reduces randomness and uncertainty in detection cycles

Abstract

The Dendritic Cell Algorithm (DCA) as one of the emerging evolutionary algorithms is based on the behavior of the specific immune agents; known as Dendritic Cells (DCs). DCA has several potentially beneficial features for binary classification problems. In this paper, we aim at providing a new version of this immune-inspired mechanism acts as a semi-supervised classifier which can be a defensive shield in network intrusion detection problem. Till now, no strategy or idea has already been adopted on the GetAntigen() function on detection phase, but randomly sampling entails the DCA to provide undesirable results in several cycles in each time. This leads to uncertainty. Whereas it must be accomplished by biological behaviors of DCs in tissues, we have proposed a novel strategy which exactly acts based on its immunological functionalities of dendritic cells. The proposed mechanism focuses on two items: First, to obviate the challenge of needing to have a preordered antigen set for computing danger signal, and the second, to provide a novel immune-inspired idea in order to non-random data sampling. A variable functional migration threshold is also computed cycle by cycle that shows necessity of the Migration threshold (MT) flexibility. A significant criterion so called capability of intrusion detection (CID) used for tests. All of the tests have been performed in a new benchmark dataset named UNSW-NB15. Experimental consequences demonstrate that the present schema dominates the standard DCA and has higher CID in comparison with other approaches found in literature.