Negative Selection with Antigen Feedback in Intrusion Detection

One of the major challenges for negative selection is to efficiently generate effective detectors. The experiment in the past shows that random generation fails to generate useful detectors within acceptable time duration. In this paper, we propose an antigen feedback mechanism for generating the detectors. For an unmatched antigen, we make a copy of the antigen and treat it the same as a newly randomly generated antibody: it goes through the same maturing process and is subject to elimination due to self matching. If it survives and is then activated by more antigens, it becomes a legitimate detector. Our experiment demonstrates that the antigen feedback mechanism provides an efficient way to generate enough effective detectors within a very short period of time. With the antigen feedback mechanism, we achieved 95.21% detection rate on attack strings, with 4.79% false negative rate, and 99.21% detection rate on normal strings, 0.79% false positive. In this paper, we also introduce Arisytis --- Ar tificial I mmune Sy stem T ool K i t s --- a project we are undertaking for not only our own experiment, but also the research communities in the same area to avoid the waste on repeatedly developing similar software. Arisytis is available on the public domain. Finally, we also discuss the effectiveness of the r-continuous bits match and its impact on data presentation.

[1]  Stephanie Forrest,et al.  A sense of self for Unix processes , 1996, Proceedings 1996 IEEE Symposium on Security and Privacy.

[2]  Peter J. Bentley,et al.  An evaluation of negative selection in an artificial immune system for network intrusion detection , 2001 .

[3]  Jonathan Timmis,et al.  Artificial immune systems—today and tomorrow , 2007, Natural Computing.

[4]  Zhou Ji,et al.  Artificial immune system (AIS) research in the last five years , 2003, The 2003 Congress on Evolutionary Computation, 2003. CEC '03..

[5]  Jonathan Timmis,et al.  Application Areas of AIS: The Past, The Present and The Future , 2005, ICARIS.

[6]  Stephanie Forrest,et al.  Intrusion Detection Using Sequences of System Calls , 1998, J. Comput. Secur..

[7]  Salvatore J. Stolfo,et al.  Cost-based modeling for fraud and intrusion detection: results from the JAM project , 2000, Proceedings DARPA Information Survivability Conference and Exposition. DISCEX'00.

[8]  D. Dasgupta,et al.  Advances in artificial immune systems , 2006, IEEE Computational Intelligence Magazine.

[9]  Wenke Lee,et al.  Cost-based Modeling and Evaluation for Data Mining With Application to Fraud and Intrusion Detection : Results from the JAM Project ∗ , 2008 .

[10]  Jonathan Timmis,et al.  Artificial immune systems - a new computational intelligence paradigm , 2002 .

[11]  Fabio A. González,et al.  Anomaly Detection Using Real-Valued Negative Selection , 2003, Genetic Programming and Evolvable Machines.

[12]  Zhou Ji,et al.  Revisiting Negative Selection Algorithms , 2007, Evolutionary Computation.

[13]  Stephanie Forrest,et al.  Architecture for an Artificial Immune System , 2000, Evolutionary Computation.

[14]  I. I. Shapiro,et al.  The first results , 1979 .

[15]  Simon M. Garrett,et al.  How Do We Evaluate Artificial Immune Systems? , 2005, Evolutionary Computation.

[16]  Wanli Ma,et al.  A study on the feature selection of network traffic for intrusion detection purpose , 2008, 2008 IEEE International Conference on Intelligence and Security Informatics.

[17]  F. Azuaje Artificial Immune Systems: A New Computational Intelligence Approach , 2003 .

[18]  Uwe Aickelin,et al.  An Artificial Immune System Based Recommender , 2002 .

[19]  Stephanie Forrest,et al.  Immunity by design: an artificial immune system , 1999 .

[20]  Nicoletta Gabrielli,et al.  An Artificial Immune System for Network Intrusion Detection on a Web Server : First Results , .

[21]  Alan S. Perelson,et al.  Self-nonself discrimination in a computer , 1994, Proceedings of 1994 IEEE Computer Society Symposium on Research in Security and Privacy.

[22]  Stephanie Forrest,et al.  Revisiting LISYS: parameters and normal behavior , 2002, Proceedings of the 2002 Congress on Evolutionary Computation. CEC'02 (Cat. No.02TH8600).