Modern network security faces increasingly sophisticated cyber threats that require intelligent, autonomous detection systems. This work introduces an intrusion detection framework inspired by biological immune mechanisms, specifically implementing danger theory and negative selection principles for enhanced threat identification. The system operates independently with minimal human intervention, featuring real-time detection, adaptive learning capabilities, and automated resource management. Our dual-phase methodology first employs danger theory to analyze network traffic and extract distinguishing behavioral features between legitimate and malicious activities, significantly reducing computational requirements while preserving detection accuracy. The second phase utilizes negative selection algorithms for pattern-based threat recognition, effectively identifying known attack signatures while classifying normal traffic and novel intrusions. Experimental evaluation across multiple metrics including detection rate, accuracy, true negative rate, and recall demonstrates superior performance in distinguishing normal behavior, known attacks, and previously unseen threats, with reduced false positives and robust operation in dynamic environments.
Introduction
This paper presents an Artificial Immune System (AIS)-based Intrusion Detection System (IDS) designed to detect and classify network attacks efficiently. With the rapid growth of interconnected networks, threats such as Denial of Service (DoS) and unauthorized access have increased, creating a need for intelligent security mechanisms beyond traditional firewalls and access controls.
An Intrusion Detection System (IDS) monitors network or host activities, analyzes traffic patterns, and identifies suspicious behavior. The proposed system applies concepts inspired by the biological immune system, specifically Danger Theory and the Negative Selection Algorithm, to improve intrusion detection accuracy while reducing false alarms.
The proposed AIS-based IDS follows a dual-phase architecture:
1. Danger Theory-Based Feature Selection
   - Captures network packets and analyzes important behavioral characteristics.
   - Filters unnecessary attributes and selects only critical features related to attacks.
   - Reduces the original 41 NSL-KDD dataset attributes to around 12–15 important features, improving processing speed and real-time detection.
   - Important features include protocol type, connection duration, traffic volume, TCP flags, address patterns, and packet timing.
2. Negative Selection-Based Detection
   - Mimics the human immune system’s ability to distinguish between self and non-self cells.
   - Generates detection rules by learning normal traffic patterns and identifying abnormal behavior.
   - Classifies traffic into:
     - Normal traffic
     - Known attacks
     - Unknown threats
   - Detects attack categories such as:
     - DoS (Denial of Service)
     - Probe attacks
     - R2L (Remote-to-Local) attacks
     - U2R (User-to-Root) attacks
The system uses intelligent agents that:
- Collect network packets.
- Store and retrieve information from databases.
- Apply feature selection and detection rules.
- Generate alerts when attacks are identified.
- Adapt automatically by updating detection rules and thresholds.
The framework combines:
- Packet capture and preprocessing
- Danger theory feature extraction
- Negative selection detection
- Classification and alert generation
- Dynamic learning and adaptation
The feature selection process uses a Danger Theory-based Attribute Selection Algorithm (ASA) to remove irrelevant attributes and retain only meaningful intrusion indicators. The detection stage applies a Negative Selection Algorithm to compare packets against stored rules and categorize them as normal, abnormal, or unknown.
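The negative selection stage described above, as an added Python example that is not the paper's own code. It assumes three of the listed features scaled to [0, 1], constructed normal samples and attack rules, Euclidean distance matching, and a fixed candidate grid in place of the random detector generation usually used, so the output is reproducible; the page does not say how known and unknown attacks are separated, so the stored-rule lookup here is an assumption.

```python
import itertools
import math

R_SELF = 0.30  # a candidate detector this close to any self sample is censored
R_DET = 0.20   # a record this close to a detector counts as non-self

# Constructed samples: (duration, traffic volume, SYN-error rate), each scaled to [0, 1].
SELF = [(0.10, 0.20, 0.00), (0.15, 0.25, 0.05), (0.30, 0.40, 0.00), (0.20, 0.10, 0.05)]
# Constructed stored rules for known attacks, in the same feature space.
KNOWN_ATTACKS = {"DoS": (0.00, 1.00, 1.00), "Probe": (0.00, 0.00, 0.75)}


def generate_detectors(self_set, step=0.25):
    """Negative selection: keep only candidates that match no self sample."""
    axis = [i * step for i in range(int(1 / step) + 1)]
    candidates = itertools.product(axis, repeat=len(self_set[0]))
    return [c for c in candidates
            if all(math.dist(c, s) > R_SELF for s in self_set)]


def classify(record, detectors, known=KNOWN_ATTACKS):
    """Return 'normal', 'known attack (<label>)' or 'unknown threat'."""
    if not any(math.dist(record, d) <= R_DET for d in detectors):
        return "normal"  # no detector fired, so the record looks like self
    for label, signature in known.items():
        if math.dist(record, signature) <= R_DET:
            return f"known attack ({label})"
    return "unknown threat"  # non-self, but no stored rule explains it


DETECTORS = generate_detectors(SELF)

if __name__ == "__main__":
    for rec in [(0.12, 0.22, 0.02), (0.05, 0.95, 0.95), (0.98, 0.52, 0.50)]:
        print(rec, "->", classify(rec, DETECTORS))
```

Because `R_SELF` exceeds `R_DET`, a record within `R_SELF - R_DET` of any training sample can never trigger a detector; widening that margin lowers false positives at the cost of leaving more space near normal traffic uncovered.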
The system addresses the limitations of traditional IDS by:
- Reducing computational complexity.
- Minimizing false positives.
- Supporting adaptive learning.
- Providing autonomous monitoring with less human involvement.
Results
Experimental evaluation shows strong performance:
- Accuracy: approximately 96.3%–99.1%
- Precision: approximately 97.1%–99.2%
- Detection rate: approximately 96.1%–99.3%
- True Negative Rate: approximately 97.5%–99.7%
- False Positive Rate: approximately 0.54%–0.91%
Conclusion
The presented IDS is a misuse IDS that focuses on accuracy, efficiency, reliability, maintainability, and dynamic adaptation. It is a lightweight, agent-based IDS that extracts information from data packets, stores the strong attributes in a database, retrieves the information, matches it against the rules, and finally generates an alert. The results show that the presented IDS decreases the False Positive Rate (FPR) and improves detection accuracy. From iteration one to iteration five, the presented IDS produces a TNR of 0.997 to 0.975 and an FPR of 0.0054 to 0.0091. Similarly, accuracy (0.991 to 0.963), precision (0.992 to 0.971), and detection rate (0.993 to 0.961) vary with each iteration, but most of the time they stay at or near 0.99, which is good. These results show the performance of the presented IDS over 12 attributes. In addition, if an agent becomes inactive for any reason, the IDS identifies the agent-related issue and adjusts automatically according to the situation, which provides dynamic adaptation. In future, as network systems advance, the agent design will need to be reworked. Furthermore, the system can be upgraded from an “AIS based IDS” to an “AIS based IDS and intrusion prevention system (IPS)”.