Anomaly Detection Using Real-Valued Negative Selection

This paper describes a real-valued representation for the negative selection algorithm and its applications to anomaly detection. In many anomaly detection applications, only positive (normal) samples are available for training purposes. However, conventional classification algorithms need samples for all classes (e.g. normal and abnormal) during the training phase. The proposed approach uses only normal samples to generate abnormal samples, which are then used as input to a classification algorithm. This hybrid approach is compared against an anomaly detection technique that uses self-organizing maps to cluster the normal data sets (samples). Experiments are performed with different data sets and some results are reported.
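The hybrid idea in the abstract (derive abnormal samples from normal ones, then train an ordinary two-class classifier) is illustrated by the following added example, which is not code from the paper. It assumes 2-D data scaled to the unit square, uses plain rejection sampling in place of the paper's detector-generation procedure (which the abstract does not specify), and uses k-nearest-neighbour voting as the classifier; all names, the radius and the data are constructed for illustration.

```python
import math
import random

def make_self_samples(rng, n=200):
    """Constructed 'normal' data: points clustered near (0.5, 0.5)."""
    pts = []
    while len(pts) < n:
        x, y = rng.gauss(0.5, 0.05), rng.gauss(0.5, 0.05)
        if 0.0 <= x <= 1.0 and 0.0 <= y <= 1.0:
            pts.append((x, y))
    return pts

def generate_nonself(self_pts, rng, n, self_radius):
    """Negative selection by rejection: a random candidate survives only
    if it lies farther than self_radius from every normal sample."""
    out = []
    while len(out) < n:
        c = (rng.random(), rng.random())
        if min(math.dist(c, s) for s in self_pts) > self_radius:
            out.append(c)
    return out

def knn_is_anomalous(x, self_pts, nonself_pts, k=5):
    """Two-class k-NN trained on normal (0) and generated abnormal (1) points."""
    labelled = [(math.dist(x, p), 0) for p in self_pts]
    labelled += [(math.dist(x, p), 1) for p in nonself_pts]
    labelled.sort()
    votes = sum(label for _, label in labelled[:k])
    return votes > k // 2

def build_detector(seed=7, self_radius=0.1):
    """Train from normal samples only and return a point -> bool classifier.
    self_radius is an assumed tuning value: larger values generalise the
    normal region more widely and lower the detection rate near it."""
    rng = random.Random(seed)
    self_pts = make_self_samples(rng)
    nonself_pts = generate_nonself(self_pts, rng, len(self_pts), self_radius)
    return lambda x: knn_is_anomalous(x, self_pts, nonself_pts)

if __name__ == "__main__":
    detect = build_detector()
    for point in [(0.5, 0.5), (0.52, 0.47), (0.95, 0.05), (0.05, 0.9)]:
        print(point, "anomalous" if detect(point) else "normal")
```
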
