Article

Immune anomaly detection enhanced with evolutionary paradigms

Authors:

Marek Ostaszewski,

Franciszek Seredynski,

Pascal BouvryAuthors Info & Claims

GECCO '06: Proceedings of the 8th annual conference on Genetic and evolutionary computation

Pages 119 - 126

https://doi.org/10.1145/1143997.1144018

Published: 08 July 2006 Publication History

Get Access

Abstract

The paper presents an approach based on principles of immune systems to the anomaly detection problem. Flexibility and efficiency of the anomaly detection system are achieved by building a model of network behavior based on the self-nonself space paradigm. Covering both self and nonself spaces by hyperrectangular structures is proposed. Structures corresponding to self-space are built using a training set from this space. Hyperrectangular detectors covering nonself space are created using niching genetic algorithm. A coevolutionary algorithm is proposed to enhance this process. Results of experiments show a high quality of intrusion detection, which outperform the quality of recently proposed approach based on hypersphere representation of self-space.

References

[1]

D. Beasley and D. R. Bull and R. R. Martin, A sequential niche technique for multimodal function optimization, Evolutionary Computation, 2(1):101--125, 1993.

Digital Library

Google Scholar

[2]

S. Cayzer and J. Smith and J. Marshall and T. Kovacs, What have Gene Libraries done for AIS?, Proceedings of the 4th International Conference on Artificial Immune Systems, 2005.

Digital Library

Google Scholar

[3]

D. Dasgupta and F. González, "An Immunity-Based Technique to Characterize Intrusions in Computer Networks", IEEE Transactions On Evolutionary Computation, 6(3):1081--1088, 2002.

Digital Library

Google Scholar

[4]

T. Fawcett, ROC graphs: Notes and practical considerations for data mining researchers, Technical Report HPL-2003-4, 2003.

Google Scholar

[5]

S. Forrest and A. Perelson and L. Allen and R. Cherukuri, "Self-nonself discrimination in a computer", Proceedings of IEEE Symposium on Research in Security and Privacy, 1994.

Digital Library

Google Scholar

[6]

M. Glickman and J. Balthrop and S. Forrest, "A Machine Learning Evaluation of an Artificial Immune System", Evolutionary Computation, 13(2), 2005.

Digital Library

Google Scholar

[7]

S. M. Garret, "How Do We Evaluate Artificial Immune Systems?", Evolutionary Computation, 13(2), 2005. http://www.ll.mit.edu/IST/ideval/index.html

Digital Library

Google Scholar

[8]

http://www.ll.mit.edu/IST/ideval/index.html

Google Scholar

[9]

Z. Michalewicz, "Genetic Algorithms + Data Structures = Evolution Programs", Springer, 1992.

Digital Library

Google Scholar

[10]

J. Paredis, "Constraint Satisfaction with Coevolution", New Ideas in Optimization, McGraw-Hill, 1999.

Digital Library

Google Scholar

[11]

M. Roesch, Snort - lightweight intrusion detection for networks, Proceedings of the 13th Systems Administration Conference, 1999.

Digital Library

Google Scholar

[12]

T. Stibor and J. Timmis and C. Eckert, On the Appropriateness of Negative Selection defined over Hamming Shape-Space as a Network Intrusion Detection System, Proceedings of the 4th International Conference on Artificial Immune Systems, 2005.

Crossref

Google Scholar

[13]

T. Stibor and J. Timmis and C. Eckert, A Comparative Study of Real-Valued Negative Selection to Statistical Anomaly Detection Techniques, Proceedings of the 4th International Conference on Artificial Immune Systems, 2005.

Digital Library

Google Scholar

[14]

S. T. Wierzchon, Artificial immune systems. Theory and application (in polish), Exit, Warsaw, Poland, 2001.

Google Scholar

Cited By

View all

Chen WYang YLiu L(2025)DE-PSA: Learning from unlabeled data by dual-stage label propagation for positive selection algorithmKnowledge-Based Systems10.1016/j.knosys.2024.112757309(112757)Online publication date: Jan-2025
https://doi.org/10.1016/j.knosys.2024.112757
Wen CChangzhi W(2022)Combine labeled and unlabeled data for immune detector training with label propagationKnowledge-Based Systems10.1016/j.knosys.2021.107661236:COnline publication date: 25-Jan-2022
https://dl.acm.org/doi/10.1016/j.knosys.2021.107661
Singh KKaur LMaini R(2021)A survey of intrusion detection techniques based on negative selection algorithmInternational Journal of System Assurance Engineering and Management10.1007/s13198-021-01357-813:S1(175-185)Online publication date: 9-Nov-2021
https://doi.org/10.1007/s13198-021-01357-8
Show More Cited By

Index Terms

Immune anomaly detection enhanced with evolutionary paradigms
1. Computing methodologies
  1. Artificial intelligence
    1. Search methodologies
      1. Heuristic function construction

Recommendations

Positive Selection-Inspired Anomaly Detection Model with Artificial Immune
CYBERC '14: Proceedings of the 2014 International Conference on Cyber-Enabled Distributed Computing and Knowledge Discovery

Network anomaly detection has become the promising aspect of intrusion detection. The existing anomaly detection models depict the detection profiles with a static way, which lack good adaptability and interoperability. Furthermore, the detection rate ...
Anomaly detection in TCP/IP networks using immune systems paradigm

The paper presents an architecture of an anomaly detection system based on the paradigm of artificial immune systems (AISs). Incoming network traffic data are considered by the system as signatures of potential attackers by mapping them into antigens of ...
A novel immune detector training method for network anomaly detection
Abstract
The artificial immune system and network anomaly detection system are developed with common goals and principles considered. Moreover, artificial immune-based network anomaly detection can adaptively learn and dynamically detect threats. However, ...

Comments

Please enable JavaScript to view thecomments powered by Disqus.

Information & Contributors

Information

Published In

GECCO '06: Proceedings of the 8th annual conference on Genetic and evolutionary computation

July 2006

2004 pages

ISBN:1595931864

DOI:10.1145/1143997

General Chair:
Mike Cattolico
Tiger Mountain Scientific, Inc., USA

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 08 July 2006

Permissions

Request permissions for this article.

Request Permissions

Check for updates

Author Tags

Qualifiers

Article

Conference

GECCO06

Sponsor:

GECCO06: Genetic and Evolutionary Computation Conference

July 8 - 12, 2006

Washington, Seattle, USA

Acceptance Rates

GECCO '06 Paper Acceptance Rate 205 of 446 submissions, 46%;

Overall Acceptance Rate 1,669 of 4,410 submissions, 38%

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

16
Total Citations
View Citations
28
Total Downloads

Downloads (Last 12 months)3
Downloads (Last 6 weeks)0

Reflects downloads up to 20 Dec 2024

Other Metrics

View Author Metrics

Citations

Cited By

View all

Chen WYang YLiu L(2025)DE-PSA: Learning from unlabeled data by dual-stage label propagation for positive selection algorithmKnowledge-Based Systems10.1016/j.knosys.2024.112757309(112757)Online publication date: Jan-2025
https://doi.org/10.1016/j.knosys.2024.112757
Wen CChangzhi W(2022)Combine labeled and unlabeled data for immune detector training with label propagationKnowledge-Based Systems10.1016/j.knosys.2021.107661236:COnline publication date: 25-Jan-2022
https://dl.acm.org/doi/10.1016/j.knosys.2021.107661
Singh KKaur LMaini R(2021)A survey of intrusion detection techniques based on negative selection algorithmInternational Journal of System Assurance Engineering and Management10.1007/s13198-021-01357-813:S1(175-185)Online publication date: 9-Nov-2021
https://doi.org/10.1007/s13198-021-01357-8
Eke HPetrovski AAhriz H(2020)Handling Minority Class Problem in Threats Detection Based on Heterogeneous Ensemble Learning ApproachInternational Journal of Systems and Software Security and Protection10.4018/IJSSSP.202007010211:2(13-37)Online publication date: 1-Jul-2020
https://dl.acm.org/doi/10.4018/IJSSSP.2020070102
Eke HPetrovski AAhriz HMakarevich OPopov DBabenko LBurnap PElçi APoet RVaidya JOrgun MGaur MShekhawat R(2019)The use of machine learning algorithms for detecting advanced persistent threatsProceedings of the 12th International Conference on Security of Information and Networks10.1145/3357613.3357618(1-8)Online publication date: 12-Sep-2019
https://dl.acm.org/doi/10.1145/3357613.3357618
Zhang RXiao X(2018)A Clone Selection Based Real-Valued Negative Selection AlgorithmComplexity10.1155/2018/25209402018Online publication date: 3-Dec-2018
https://dl.acm.org/doi/10.1155/2018/2520940
Luo WLiu RJiang HZhao DWu L(2018)Three Branches of Negative Representation of Information: A SurveyIEEE Transactions on Emerging Topics in Computational Intelligence10.1109/TETCI.2018.28299072:6(411-425)Online publication date: Dec-2018
https://doi.org/10.1109/TETCI.2018.2829907
Zhang HLiu SLi DShi KWang BCui J(2015)Abnormality degree detection method using negative potential field group detectorsChinese Journal of Mechanical Engineering10.3901/CJME.2015.0604.07728:5(983-993)Online publication date: 4-Aug-2015
https://doi.org/10.3901/CJME.2015.0604.077
Ghanem TElkilani WAbdul-kader H(2015)A hybrid approach for efficient anomaly detection using metaheuristic methodsJournal of Advanced Research10.1016/j.jare.2014.02.0096:4(609-619)Online publication date: Jul-2015
https://doi.org/10.1016/j.jare.2014.02.009
Xiao XLi TZhang R(2015)An immune optimization based real-valued negative selection algorithmApplied Intelligence10.1007/s10489-014-0599-942:2(289-302)Online publication date: 1-Mar-2015
https://dl.acm.org/doi/10.1007/s10489-014-0599-9
Show More Cited By

View Options

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Cited By

Index Terms

Recommendations

Positive Selection-Inspired Anomaly Detection Model with Artificial Immune

Anomaly detection in TCP/IP networks using immune systems paradigm

A novel immune detector training method for network anomaly detection