Discriminating and visualizing anomalies using negative selection and self-organizing maps

An immune inspired model that can detect anomalies, even when trained only with normal samples, and can learn from encounters with new anomalies is presented. The model combines a negative selection algorithm and a self-organizing map (SOM) in an immune inspired architecture. The proposed system is able to produce a visual representation of the self/non-self feature space, thanks to the topological 2-dimensional map produced by the SOM. Some experiments were performed on classification data; the results are presented and discussed.

[1]  Dominique Brodbeck,et al.  A Visual Approach for Monitoring Logs , 1998, LISA.

[2]  Uwe Aickelin,et al.  Danger Theory: The Link between AIS and IDS? , 2003, ICARIS.

[3]  Kevin P. Anchor,et al.  CDIS: Towards a Computer Immune System for Detecting Network Intrusions , 2001, Recent Advances in Intrusion Detection.

[4]  N K Jerne,et al.  Towards a network theory of the immune system. , 1973, Annales d'immunologie.

[5]  D. Dasgupta,et al.  Combining negative selection and classification techniques for anomaly detection , 2002, Proceedings of the 2002 Congress on Evolutionary Computation. CEC'02 (Cat. No.02TH8600).

[6]  Simon Haykin,et al.  Neural Networks: A Comprehensive Foundation , 1998 .

[7]  Teuvo Kohonen,et al.  Self-Organizing Maps , 2010 .

[8]  D. Dasgupta Artificial Immune Systems and Their Applications , 1998, Springer Berlin Heidelberg.

[9]  T. J. Jankun-Kelly,et al.  Detecting flaws and intruders with visual data analysis , 2004, IEEE Computer Graphics and Applications.

[10]  T. J. Jankun-Kelly,et al.  Visual Data Analysis for Detecting Flaws and Intruders in Computer Network Systems , 2004 .

[11]  Paul Helman,et al.  An immunological approach to change detection: algorithms, analysis and implications , 1996, Proceedings 1996 IEEE Symposium on Security and Privacy.

[12]  Alan S. Perelson,et al.  Self-nonself discrimination in a computer , 1994, Proceedings of 1994 IEEE Computer Society Symposium on Research in Security and Privacy.

[13]  Alex A. Freitas,et al.  A Danger Theory Approach to Web Mining , 2003 .

[14]  Leandro Nunes de Castro,et al.  Artificial Immune Systems: A New Computational Approach , 2002 .

[15]  Stefan Axelsson Visualising Intrusions: Watching the Webserver , 2004, SEC.

[16]  Carlos A. Coello Coello,et al.  A parallel implementation of an artificial immune system to handle constraints in genetic algorithms: preliminary results , 2002, IEEE Congress on Evolutionary Computation.

[17]  Dipankar Dasgupta,et al.  Immunity-Based Intrusion Detection System: A General Framework , 1999 .

[18]  A.M. Tyrell,et al.  Computer know thy self!: a biological way to look at fault-tolerance , 1999, Proceedings 25th EUROMICRO Conference. Informatics: Theory and Practice for the New Millennium.

[19]  Dipankar Dasgupta,et al.  Tool Breakage Detection in Milling Operations using a Negative-Selection Algorithm , 1995 .

[20]  Dipankar Dasgupta,et al.  Novelty detection in time series data using ideas from immunology , 1996 .

[21]  Jerne Nk Towards a network theory of the immune system. , 1974 .

[22]  Andrew M. Tyrrell Computer Know Thy Self!: A Biological Way to Look at Fault-Tolerance , 1999, EUROMICRO.

[23]  Gregg H. Gunsch,et al.  An artificial immune system architecture for computer security applications , 2002, IEEE Trans. Evol. Comput..

[24]  Jonathan Timmis,et al.  Artificial immune systems - a new computational intelligence paradigm , 2002 .

[25]  Fabio A. González,et al.  Anomaly Detection Using Real-Valued Negative Selection , 2003, Genetic Programming and Evolvable Machines.

[26]  Robert F. Erbacher Glyph-based generic network visualization , 2002, IS&T/SPIE Electronic Imaging.

[27]  Jeffrey O. Kephart,et al.  A biologically inspired immune system for computers , 1994 .

[28]  Fabio A. González,et al.  A Randomized Real-Valued Negative Selection Algorithm , 2003, ICARIS.

[29]  Ali A. Ghorbani,et al.  A novel visualization technique for network anomaly detection , 2004, PST.

[30]  Stephanie Forrest,et al.  Architecture for an Artificial Immune System , 2000, Evolutionary Computation.