Summary: DANGER THEORY: THE MISSING LINK BETWEEN
ARTIFICIAL IMMUNE SYSTEMS AND INTRUSION
Creating a next generation Intrusion Detection System based on the latest Immunological
AISB Quarterly, Issue 115, pp 1-2, 2004.
The central challenge with computer security is determining the difference between normal and
potentially harmful activity. For half a century, developers have protected their systems by coding rules
that identify and block specific events. However, the nature of current and future threats in conjunction
with ever larger IT systems urgently requires the development of automated and adaptive defensive
A promising solution is emerging in the form of Artificial Immune Systems (AIS): The Human
Immune System (HIS) can detect and defend against harmful and previously unseen invaders, so can
we not build a similar Intrusion Detection System (IDS) for our computers? Presumably, those systems
would then have the same beneficial properties as HIS like error tolerance, adaptation and self-
Current AIS have been successful on test systems, but the algorithms were unable to scale up to real-
world requirements. This is caused by their reliability on self-nonself discrimination, as stipulated in
classical immunology. However, immunologist are increasingly finding fault with traditional self-
nonself thinking and a new `Danger Theory' (DT) is emerging.