Infokommunikacionnye tehnologii
ISSN 2073-3909
Povolzhskiy State University of Telecommunications and Informatics
Article ID: 56432
DOI: 10.18469/ikt.2019.17.2.07
Vol. 17, No. 2, pp. 189-193
Dates: 15.06.2019; 21.12.2020

Research Article

ANOMALY DETECTION PROTOCOL WITH NEGATIVE SELECTION MODULE AND MACHINE LEARNING RULES

A. N. Ivkin, Samara National Research University

Copyright © 2019, Ivkin A.N.

Abstract

Interest in artificial immune systems has increased many times over, as the immune system approach can solve a large number of problems in the field of computer security. This article considers a statistical model of an intrusion detection system based on an artificial immune system, in which the sets of detectors are selected on the basis of packet headers. Based on the test results, methods for improving the intrusion detection system are proposed and implemented. The article combines the theory of negative selection with machine learning rules in order to propose a new intrusion detection system. To generate detectors, a set of basic rules is first developed using software for data analysis and machine learning; new detectors are then generated and refined inside the negative selection module. In testing on the DARPA1999 data set, the proposed model showed good performance compared to previous models.

Keywords: artificial immune system, intrusion detection system, negative selection, machine learning