Abstract
The goal of an intrusion detection system (IDS) is to monitor activities to detect breaches in security policies of a computer system or a network. This paper focuses on anomaly detection paradigm of IDS. The goal of anomaly-based IDS is to classify intrusion based on system and network activities outside of a normal region. In this paper we employ a multipledetector set artificial immune system, a variation of artificial immune system, to classify intrusion based on features of application layer protocols (e.g., http, ftp, smtp, etc.) in network data flows. Our result shows the multiple-detector set artificial immune system achieved a Detection Rate of 53.34% and a False Positive Rate of 0.20%. The mAIS achieved an accuracy of 76.57%.