**1. Introduction**

Anomaly detection refers to the problem of finding unexpected behavior. Such behaviors are often known as anomalies, outliers, or discordant observations [1], and are usually patterns that do not conform to a notion of normal behavior. Detecting anomalous patterns consists of defining a region that represents normal behavior and determining any element distant from that region to be anomalous; this distinction is achieved through several methods, including searching, signature-based, anomaly-based, feature learning, and feature reduction.

Intrusion Detection Systems (IDS) aim to prevent undesired usage of computer networks. This is performed using tools such as machine learning algorithms and signature-based detection to generate alerts based on the status of the protected resources. This helps system administrators make decisions that can affect the network systems, depending on important factors such as response time and accuracy of the status. IDS can be classified into two broad groups, namely Network Intrusion Detection Systems (NIDS) and Host-Based Intrusion Detection Systems (HIDS). NIDS are IDS whose main purpose is to analyze network communications, find anomalies, and predict incoming attacks, whereas HIDS are specific-purpose IDS whose objective is to protect a specific computer system.

Machine learning NIDS have generated relevant results [2, 3]. Alternative approaches aim to solve relevant NIDS anomaly detection challenges, namely high computational complexity and online detection. Artificial Immune Systems (AIS) are a class of evolutionary computing algorithms and models inspired by the behavior of the Human Immune System (HIS). Their aim is to imitate the favorable qualities of their biological counterpart. Although other evolutionary computing algorithms exist, such as Genetic Algorithms (GA), the immune system is solely focused on the protection of its host system.

The Dendritic Cell Algorithm (DCA) is a computational model developed around the immune Danger Theory (DT). It is a population-based binary classifier designed for anomaly detection, in which Dendritic Cells are represented as agents known as artificial Dendritic Cells (DCs). The algorithm assesses whether a group of observations is anomalous or normal through temporal correlation of preprocessed features and linear equations that simulate part of the observed behavior of biological DCs. The evolution of the DCA has been marked by three different contributions, starting with the "prototype" DCA [4], followed by a more elaborate version using stochastic elements, known as the "stochastic" DCA [5], and further developed as the "deterministic" DCA [6–9].
