A fast anomaly detection system using probabilistic artificial immune algorithm capable of learning new attacks

In this paper, we propose anomaly-based intrusion detection algorithms for computer networks that use artificial immune systems and are capable of learning new attacks. Unique characteristics and observations specific to computer networks are taken into account in developing faster algorithms while still achieving high performance. Although these characteristics play a key role in the proposed algorithms, we believe they have been neglected in previous related work. We evaluate the proposed algorithms on a number of well-known intrusion detection datasets, as well as on two new real datasets extracted from data networks for intrusion detection. We analyze the detection performance and learning capabilities of the proposed algorithms, in addition to performance criteria such as false alarm rate, detection rate, and response time. The experimental results demonstrate that the proposed algorithms exhibit fast response time, low false alarm rate, and high detection rate. They can also learn new attack patterns and identify them the next time they are introduced to the network.
