Results of an experimental study of an anomaly detection system based on the paradigm of artificial immune systems (AISs) are presented. Network traffic data are mapped into antibodies or antigens using either selected general parameters of the traffic or selected protocol headers. Similarities between signatures of attackers and antibodies are measured using either Euclidean distance or normalized Hamming distance. We study the influence of different methods of generating antibodies and of coding the traffic data on the performance of the anomaly detection system.