A novel adaptive intrusion detection approach based on comparison of neural networks and idiotypic networks

Although neural networks and idiotypic networks are similar in functions, they are different in many aspects. This paper compares them in topological structures, initializing ways, learning methods, et al. Based on the comparison and combined with pattern recognition technology, this paper proposes a novel adaptive intrusion detection approach using idiotypic networks. Additionally, the approach is compared with detection approach using neural networks. Idiotypic networks' memory and learning abilities, especially their dynamic adjustable ability enable them superior to neural networks in the application for intrusion detection. This paper presents a new detection algorithm according to immune response principles and a new multimutation pattern idiotypic network model to implement the detection algorithm. By utilizing some immune principles, the proposed approach can overcome problems existing in detection approaches based on neural networks. Firstly, idiotypic networks can adjust automatically with presenting of antigens, making new features fused into networks continuously. Thus, this approach needs not to be updated periodically. Secondly, the trained network model can still be changed to learn new features of attacks, so the performance of detecting unknown attacks is improved. Thirdly, clone expansion of antibodies is suppressed by idiotypic effects, thus false positive rate is decreased. Experiments are carried out on Fisher Iris dataset and KDDCUP-99 database to verify the performance of this adaptive detection approach. Compared with the detection approach based on a multilayer perception network, the false positive rate is decreased and the detection accuracy of unknown attacks is increased.