Shellcode is the core code component of a buffer overflow attack and is often embedded in file and network traffic carriers. Detection techniques such as signature matching suffer from time lag and low accuracy. To address this, the paper combines artificial immune theory with real-valued encoding and proposes a real-valued shellcode detection method. Shellcode samples are collected and disassembled, and an n-gram model extracts features from the assembly instruction sequences to generate antigens, which serve as the source of the immune system's immature detectors. These detectors then undergo the immune tolerance process of the negative selection algorithm to produce mature detectors. The mature detectors are cloned and mutated to breed better offspring, improving detector diversity and affinity. Experimental results show that the method achieves high detection accuracy for both non-encoded shellcode and polymorphic shellcode.
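The following is a minimal, added illustration of the pipeline the abstract describes (n-gram antigens, real-valued detectors, negative selection, clone-and-mutate); it is not the paper's code, and the opcode vocabulary, sample instruction sequences, matching radius and mutation parameters are constructed assumptions.

```python
import math
import random

# Constructed opcode vocabulary and instruction streams (not real shellcode).
VOCAB = ["mov", "push", "pop", "call", "ret", "xor", "inc", "jmp", "int", "add"]
SELF_SAMPLES = [  # benign sequences the detectors must tolerate (constructed)
    ["push", "mov", "call", "add", "pop", "ret"],
    ["mov", "mov", "add", "call", "pop", "ret"],
    ["push", "push", "call", "add", "pop", "ret"],
]
ANTIGENS = [  # shellcode-like sequences, source of immature detectors (constructed)
    ["xor", "push", "push", "mov", "int"],
    ["xor", "inc", "push", "mov", "int"],
]

def ngram_vector(tokens, n=2):
    """Real-valued antigen: normalised n-gram frequencies over VOCAB^n."""
    vec = [0.0] * (len(VOCAB) ** n)
    for i in range(len(tokens) - n + 1):
        idx = 0
        for tok in tokens[i:i + n]:
            idx = idx * len(VOCAB) + VOCAB.index(tok)
        vec[idx] += 1.0
    total = sum(vec) or 1.0
    return [v / total for v in vec]

def distance(a, b):
    return math.sqrt(sum((x - y) ** 2 for x, y in zip(a, b)))

def negative_selection(candidates, self_vectors, radius):
    """Immune tolerance: discard any candidate that matches a self sample."""
    return [c for c in candidates if all(distance(c, s) > radius for s in self_vectors)]

def clone_and_mutate(detectors, self_vectors, radius, clones=3, sigma=0.01, seed=1):
    """Breed offspring by Gaussian mutation; keep only those still tolerant of self."""
    rng = random.Random(seed)
    offspring = [[max(0.0, x + rng.gauss(0.0, sigma)) for x in d]
                 for d in detectors for _ in range(clones)]
    return detectors + negative_selection(offspring, self_vectors, radius)

def build_detectors(radius=0.4):
    selfs = [ngram_vector(s) for s in SELF_SAMPLES]
    immature = [ngram_vector(a) for a in ANTIGENS]
    mature = negative_selection(immature, selfs, radius)
    return clone_and_mutate(mature, selfs, radius)

def classify(tokens, detectors, radius=0.4):
    """Flag a sequence if any mature detector lies within the matching radius."""
    v = ngram_vector(tokens)
    return any(distance(v, d) <= radius for d in detectors)
```

A reordered variant of an antigen still falls inside the radius of its parent detector, which is the property that gives the method some robustness to polymorphic shellcode.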