Abstract

Inspired by the principles of biological immune system, an antibody concentration based method for network security situation awareness, referred to as ACnssa, is proposed in this paper. With the concepts and formal definitions of self, non-self, antibody and antigen presented, the principles and framework of ACnssa is described. Following that, the mathematical models of the lifecycle of mature and memory lymphocyte which are used for security situation awareness are established. Experiment results show that a network system can learn what attacks it suffers, where the intrusions occur, whether the intrusions are serious or not. In addition, the system learns what the current attacks are, and where the most serious disastrous area is. Thus, it provides a good solution to the situation awareness of network security.