More Web Proxy on the site http://driver.im/

Article

A comparative study of real-valued negative selection to statistical anomaly detection techniques

Authors:

Jonathan Timmis,

Claudia EckertAuthors Info & Claims

ICARIS'05: Proceedings of the 4th international conference on Artificial Immune Systems

Pages 262 - 275

https://doi.org/10.1007/11536444_20

Published: 14 August 2005 Publication History

Abstract

The (randomized) real-valued negative selection algorithm is an anomaly detection approach, inspired by the negative selection immune system principle. The algorithm was proposed to overcome scaling problems inherent in the hamming shape-space negative selection algorithm. In this paper, we investigate termination behavior of the real-valued negative selection algorithm with variable-sized detectors on an artificial data set. We then undertake an analysis and comparison of the classification performance on the high-dimensional KDD data set of the real-valued negative selection, a real-valued positive selection and statistical anomaly detection techniques. Results reveal that in terms of detection rate, real-valued negative selection with variable-sized detectors is not competitive to statistical anomaly detection techniques on the KDD data set. In addition, we suggest that the termination guarantee of the real-valued negative selection with variable-sized detectors is very sensitive to several parameters.

References

[1]

Forrest S., Perelson A.S., Allen L., Cherukuri R.: Self-nonself discrimination in a computer. In: Proceedings of the 1994 IEEE Symposium on Research in Security and Privacy, IEEE Computer Society Press (1994).

Digital Library

[2]

D'haeseleer, P.: An immunological approach to change detection: Theoretical results. In: Proc. 9th IEEE Computer Security Foundations Workshop. (1996) 18-26.

Digital Library

[3]

Hofmeyr S. A., Forrest S., D'haeseleer P.: An immunological approach to distributed network intrusion detection. In: First International Workshop on the Recent Advances in Intrusion Detection. (1998).

[4]

González, F., Dasgupta, D., Kozma, R.: Combining negative selection and classification techniques for anomaly detection. In: Congress on Evolutionary Computation, IEEE (2002) 705-710.

[5]

González, F., Dasgupta, D., Niño, L.F.: A randomized real-valued negative selection algorithm. In Timmis, J., Bentley, P.J., Hart, E., eds.: Proceedings of the 2nd International Conference on Artificial Immune Systems (ICARIS). LNCS, Edinburgh, UK, Springer-Verlag (2003) 261-272.

[6]

Ji, Z., Dasgupta, D.: Real-valued negative selection algorithm with variable-sized detectors. In: Genetic and Evolutionary Computation - GECCO-2004, Part I. Volume 3102 of LNCS., Seattle, WA, USA, Springer-Verlag (2004) 287-298.

[7]

Marsland, S.: Novelty detection in learning systems. Neural Computing Surveys 3 (2003).

[8]

Schölkopf, B., Platt, J.C., Shawe-Taylor, S.T., Smola, A.J., Williamson, W.: Estimating the support of a high-dimensional distribution. Technical Report MSRTR- 99-87, Microsoft Research (MSR) (1999).

[9]

Müller, K.R., Mika, S., Rätsch, G., Tsuda, K., Schölkopf, B.: An introduction to kernel-based learning algorithms. Transactions on Neural Networks 12 (2001) 181-201.

Digital Library

[10]

Ebner, M., Breunig, H.G., Albert, J.: On the use of negative selection in an artificial immune system. In: GECCO 2002: Proceedings of the Genetic and Evolutionary Computation Conference, New York, Morgan Kaufmann Publishers (2002) 957-964.

Digital Library

[11]

Stibor, T., Mohr, P., Timmis, J., Eckert, C.: Is negative selection appropriate for anomaly detection ? In: Genetic and Evolutionary Computation - GECCO. (to appear) (2005).

Digital Library

[12]

Duda, R., Hart, P.E., Stork, D.G.: Pattern Classification. Second edn. Wiley-Interscience (2001).

Digital Library

[13]

Bishop C.M.: Novelty detection and neural network validation. In: IEE Proceedings: Vision, Image and Signal Processing. Volume 141. (1994) 217-222.

[14]

Silverman B.W.: Density Estimation for Statistics and Data Analysis. Chapman and Hall (1986).

[15]

Yeung, D.Y., Chow, C.: Parzen-window network intrusion detectors. In: Proc. of the Sixteenth International Conference on Pattern Recognition. (2002) 385-388.

Digital Library

[16]

Chang, C.C., Lin, C.J.: LIBSVM: a Library for Support Vector Machines (http://www.csie.ntu.edu.tw/~cjlin/papers/libsvm.pdf). (2004).

Digital Library

[17]

Hettich, S. and Bay, S. D.: KDD Cup 1999 Data (1999) http://kdd.ics.uci.edu.

[18]

Fawcett, T.: ROC graphs: Notes and practical considerations for data mining researchers. Technical Report HPL-2003-4, Hewlett Packard Laboratories (2003).

[19]

Stibor, T., Timmis, J., Eckert, C.: On the appropriateness of negative selection defined over hamming shape-space as a network intrusion detection system. In: Proceedings of the 2005 IEEE Congress on Evolutionary Computation. (to appear), Edinburgh, UK, IEEE Press (2005).

Cited By

Kayan HHeartfield RRana OBurnap PPerera C(2024)CASPER: Context-Aware IoT Anomaly Detection System for Industrial Robotic ArmsACM Transactions on Internet of Things10.1145/36704145:3(1-36)Online publication date: 1-Jun-2024
https://dl.acm.org/doi/10.1145/3670414
Eke HPetrovski AAhriz HMakarevich OPopov DBabenko LBurnap PElçi APoet RVaidya JOrgun MGaur MShekhawat R(2019)The use of machine learning algorithms for detecting advanced persistent threatsProceedings of the 12th International Conference on Security of Information and Networks10.1145/3357613.3357618(1-8)Online publication date: 12-Sep-2019
https://dl.acm.org/doi/10.1145/3357613.3357618
Fouladvand SOsareh AShadgar BPavone MSharafi S(2017)DENSAEngineering Applications of Artificial Intelligence10.1016/j.engappai.2016.08.01462:C(359-372)Online publication date: 1-Jun-2017
https://dl.acm.org/doi/10.1016/j.engappai.2016.08.014
Show More Cited By

A comparative study of real-valued negative selection to statistical anomaly detection techniques
1. Computing methodologies
  1. Machine learning
    1. Learning paradigms
      1. Supervised learning

Recommendations

A comparative study of negative selection based anomaly detection in sequence data
ICARIS'12: Proceedings of the 11th international conference on Artificial Immune Systems

The negative selection algorithm is one of the oldest immune-inspired classification algorithms and was originally intended for anomaly detection tasks in computer security. After initial enthusiasm, performance problems with the algorithm lead many ...
Is negative selection appropriate for anomaly detection?
GECCO '05: Proceedings of the 7th annual conference on Genetic and evolutionary computation

Negative selection algorithms for hamming and real-valued shape-spaces are reviewed. Problems are identified with the use of these shape-spaces, and the negative selection algorithm in general, when applied to anomaly detection. A straightforward self ...
Anomaly Detection Using Real-Valued Negative Selection

This paper describes a real-valued representation for the negative selection algorithm and its applications to anomaly detection. In many anomaly detection applications, only positive (normal) samples are available for training purpose. However, ...

Comments

Please enable JavaScript to view thecomments powered by Disqus.

Information & Contributors

Information

Published In

cover image Guide Proceedings

ICARIS'05: Proceedings of the 4th international conference on Artificial Immune Systems

August 2005

499 pages

ISBN:3540281754

Editors:
Christian Jacob
Evolutionary and Swarm Design Group, Dept. of Computer Science, University of Calgary, Alberta, Canada
,
Marcin L. Pilat
Department of Computer Science, University of Calgary, 2500 University Drive NW, Calgary, Alberta, Canada
,
Peter J. Bentley
Computer Science Department, University College London, 2500 University Drive NW, London, UK
,
Jonathan I. Timmis
Department of Electronics, University of York, 2500 University Drive NW, Heslington, York, UK

Sponsors

Alberta Informatics Circle of Research Excellence (iCORE)
PIMS: The Pacific Institute for the Mathematical Sciences
ARTIST
UOC: University of Calgary
MITACS

Publisher

Springer-Verlag

Berlin, Heidelberg

Publication History

Published: 14 August 2005

Qualifiers

Article

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

23
Total Citations
View Citations
0
Total Downloads

Downloads (Last 12 months)0
Downloads (Last 6 weeks)0

Reflects downloads up to 05 Mar 2025

Other Metrics

View Author Metrics

Citations

Cited By

Kayan HHeartfield RRana OBurnap PPerera C(2024)CASPER: Context-Aware IoT Anomaly Detection System for Industrial Robotic ArmsACM Transactions on Internet of Things10.1145/36704145:3(1-36)Online publication date: 1-Jun-2024
https://dl.acm.org/doi/10.1145/3670414
Eke HPetrovski AAhriz HMakarevich OPopov DBabenko LBurnap PElçi APoet RVaidya JOrgun MGaur MShekhawat R(2019)The use of machine learning algorithms for detecting advanced persistent threatsProceedings of the 12th International Conference on Security of Information and Networks10.1145/3357613.3357618(1-8)Online publication date: 12-Sep-2019
https://dl.acm.org/doi/10.1145/3357613.3357618
Fouladvand SOsareh AShadgar BPavone MSharafi S(2017)DENSAEngineering Applications of Artificial Intelligence10.1016/j.engappai.2016.08.01462:C(359-372)Online publication date: 1-Jun-2017
https://dl.acm.org/doi/10.1016/j.engappai.2016.08.014
Saurabh PVerma B(2016)An efficient proactive artificial immune system based anomaly detection and prevention systemExpert Systems with Applications: An International Journal10.1016/j.eswa.2016.03.04260:C(311-320)Online publication date: 30-Oct-2016
https://dl.acm.org/doi/10.1016/j.eswa.2016.03.042
Chelly ZElouedi Z(2016)A survey of the dendritic cell algorithmKnowledge and Information Systems10.1007/s10115-015-0891-y48:3(505-535)Online publication date: 1-Sep-2016
https://dl.acm.org/doi/10.1007/s10115-015-0891-y
Greensmith JEsparcia-Alcázar A(2015)Securing the Internet of Things with Responsive Artificial Immune SystemsProceedings of the 2015 Annual Conference on Genetic and Evolutionary Computation10.1145/2739480.2754816(113-120)Online publication date: 11-Jul-2015
https://dl.acm.org/doi/10.1145/2739480.2754816
Ozsen SYucelbas C(2015)On the evolution of ellipsoidal recognition regions in Artificial Immune SystemsApplied Soft Computing10.1016/j.asoc.2015.03.01431:C(210-222)Online publication date: 1-Jun-2015
https://dl.acm.org/doi/10.1016/j.asoc.2015.03.014
Gao XWang XZenger K(2014)Motor fault diagnosis using negative selection algorithmNeural Computing and Applications10.1007/s00521-013-1447-225:1(55-65)Online publication date: 1-Jul-2014
https://dl.acm.org/doi/10.1007/s00521-013-1447-2
Gong MZhang JMa JJiao L(2012)Short CommunicationKnowledge-Based Systems10.1016/j.knosys.2012.01.00430(185-191)Online publication date: 1-Jun-2012
https://dl.acm.org/doi/10.1016/j.knosys.2012.01.004
Luo RYi Q(2011)A novel parallel clustering algorithm based on artificial immune network using nVidia CUDA frameworkProceedings of the 14th international conference on Human-computer interaction: design and development approaches - Volume Part I10.5555/2022384.2022455(598-607)Online publication date: 9-Jul-2011
https://dl.acm.org/doi/10.5555/2022384.2022455
Show More Cited By

View Options

View options

Figures

Tables

Media

View Table of Conten