Negative Selection Approach Application in Network Intrusion Detection Systems

Abstract—Nature, with the diversity and robustness of its systems, has always been an inspiration to researchers, and Artificial Immune Systems are one example. Many algorithms were inspired by ongoing discoveries of the techniques and approaches of biological immune systems. One of the most basic and common approaches is the Negative Selection Approach, which is simple and easy to implement. It has been applied in many fields, but mostly in anomaly detection, because of the similarity of its basic idea. In this paper, a review is given on the application of the negative selection approach in network security, specifically in intrusion detection systems. As the work in this field is limited, we need to understand what the challenges of this approach are. Recommendations for future work are given at the end of the paper.

I. INTRODUCTION

Networks are becoming more vulnerable over time to intrusions and attacks, from inside and outside. Cyber-attacks are making news headlines worldwide, as threats to networks are getting bolder and more sophisticated. Reports from 2011 and 2012 show an increase in network attacks, with Denial of Service (DoS) and targeted attacks having a big share in it. As reported by many web sites such as [1] [2] [3], figures 1 and 2 show the motivations behind attacks and the targeted customer types, respectively.

Internal threats and Advanced Persistent Threats (APT) are the biggest threats to a network, as they are carefully constructed and dangerous, due to internal users' privileges to access network resources. Figure 3 shows internal network security concerns. With this in mind, and the increasing sophistication of attacks, new approaches to protect network resources are always under investigation, and the one that is concerned with both inside and outside threats is the Intrusion Detection System.

Intrusion detection systems [4] [5] [6] have been around for quite some time, as a successful security system. An Intrusion Detection System (IDS) is a system that defines and detects possible threats within a computer or a network, by gathering and analysing information from the surrounding environment.

[1] Yanbo Huang, et al. Advances in Artificial Neural Networks - Methodological Development and Application, 2009, Algorithms.

[2] Reza Azmi, et al. Anomaly Based IDS Using Variable Size Detector Generation in AIS: A Hybrid Approach, 2012.

[3] David B. Fogel, et al. Evolutionary Computation: Towards a New Philosophy of Machine Intelligence, 1995.

[4] D. Dasgupta, et al. Advances in artificial immune systems, 2006, IEEE Computational Intelligence Magazine.

[5] Jonathan Timmis, et al. Artificial immune systems—today and tomorrow, 2007, Natural Computing.

[6] Uwe Aickelin, et al. Artificial Immune Systems Tutorial, 2008, ArXiv.

[7] Leandro Nunes de Castro, et al. Artificial Immune Systems: Part I-Basic Theory and Applications, 1999.

[8] Mohd Aizaini Maarof, et al. Danger Theory and Intelligent Data Processing, 2007.

[9] Wolfgang Banzhaf, et al. The use of computational intelligence in intrusion detection systems: A review, 2010, Appl. Soft Comput.

[10] Thomas Bäck, et al. Evolutionary computation: Toward a new philosophy of machine intelligence, 1997, Complex.

[11] Fabio A. González, et al. An immunity-based technique to characterize intrusions in computer networks, 2002, IEEE Trans. Evol. Comput.

[12] Fabio A. González, et al. An Imunogenetic Technique To Detect Anomalies In Network Traffic, 2002, GECCO.

[13] Wanli Ma, et al. Negative Selection with Antigen Feedback in Intrusion Detection, 2008, ICARIS.

[14] Christos Schizas, et al. Artificial Neural Network Learning: A Comparative Review, 2002, SETN.

[15] Uwe Aickelin, et al. The Danger Theory and Its Application to Artificial Immune Systems, 2008, ArXiv.

[16] Stephanie Forrest, et al. Immunity by design: an artificial immune system, 1999.

[17] Mauro Birattari, et al. Swarm Intelligence, 2012, Lecture Notes in Computer Science.

[18] G. Maciá-Fernández, et al. Anomaly-based network intrusion detection: Techniques, systems and challenges, 2009, Comput. Secur.

[19] Jun He, et al. A hybrid artificial immune system and Self Organising Map for network intrusion detection, 2008, Inf. Sci.

[20] G. Macia-Fernandez, et al. Anomaly-based network intrusion detection, 2009.

[21] Julie Greensmith, et al. Immune system approaches to intrusion detection – a review, 2004, Natural Computing.

[22] Fabio A. González, et al. A comparative analysis of artificial immune network models, 2005, GECCO '05.

[23] George J. Klir, et al. Fuzzy Sets, Fuzzy Logic, and Fuzzy Systems - Selected Papers by Lotfi A Zadeh, 1996, Advances in Fuzzy Systems - Applications and Theory.

[24] Jidong Wang, et al. An Improved Artificial Immune System-Based Network Intrusion Detection by Using Rough Set, 2012.

[25] Fernando Niño, et al. Recent Advances in Artificial Immune Systems: Models and Applications, 2011, Appl. Soft Comput.

[26] Rongfang Bie, et al. Artificial Immune Networks: Models and Applications, 2006.

[27] Jung-Min Park, et al. An overview of anomaly detection techniques: Existing solutions and latest technological trends, 2007, Comput. Networks.

[28] Fabio A. González, et al. Anomaly Detection Using Real-Valued Negative Selection, 2003, Genetic Programming and Evolvable Machines.

[29] Jonathan Timmis, et al. Challenges for Artificial Immune Systems, 2005, WIRN/NAIS.

[30] Dipankar Dasgupta, et al. A study of artificial immune systems applied to anomaly detection, 2003.

[31] Senhua Yu, et al. Artificial Immune Systems: A Bibliography, 2010.

[32] Jonathan Timmis, et al. Application Areas of AIS: The Past, The Present and The Future, 2005, ICARIS.

[33] Julie Greensmith, et al. Introducing Dendritic Cells as a Novel Immune-Inspired Algorithm for Anomaly Detection, 2005, ICARIS.

[34] Gunar E. Liepins, et al. Intrusion detection: Its role and validation, 1992, Comput. Secur.

[35] Xiao Zhi Gao, et al. Artificial Immune Networks: Models and Applications, 2006, 2006 International Conference on Computational Intelligence and Security.

[36] Salah Al-Sharhan, et al. ARTIFICIAL IMMUNE SYSTEMS - MODELS, ALGORITHMS AND APPLICATIONS, 2010.

[37] Gabriel Maciá-Fernández, et al. Anomaly-based network intrusion detection: Techniques, systems and challenges, 2009, Comput. Secur.

[38] Madan M. Gupta, et al. Fuzzy Sets, Fuzzy Logic, and Fuzzy Systems, 2003.

[39] Xue Yan. Review of network intrusion detection, 2011, 2011 IEEE 3rd International Conference on Communication Software and Networks.

[40] Animesh Patcha, et al. An overview of anomaly detection techniques, 2007.

[41] Lotfi A. Zadeh, et al. Fuzzy Sets, 1996, Inf. Control.

[42] Alan S. Perelson, et al. Self-nonself discrimination in a computer, 1994, Proceedings of 1994 IEEE Computer Society Symposium on Research in Security and Privacy.

[43] Thomas Bäck, et al. Evolutionary computation: Toward a new philosophy of machine intelligence, 1997, Complex.

[44] Maoguo Gong, et al. An efficient negative selection algorithm with further training for anomaly detection, 2012, Knowl. Based Syst.

[45] H. Zimmermann, et al. Fuzzy Set Theory and Its Applications, 1993.

[46] Sadan Kulturel-Konak, et al. A review of clonal selection algorithm and its applications, 2011, Artificial Intelligence Review.

[47] Julie Greensmith, et al. Further Exploration of the Dendritic Cell Algorithm: Antigen Multiplier and Time Windows, 2008, ICARIS.