An effective network-based Intrusion Detection using Conserved Self Pattern Recognition Algorithm augmented with near-deterministic detector generation

The Human Immune System (HIS) employs a multilevel defense against harmful and unseen pathogens through innate and adaptive immunity. Innate immunity protects the body from known invaders, whereas adaptive immunity develops a memory of past encounters and can learn about previously unknown pathogens. These salient features of the HIS inspire researchers in intrusion detection to develop automated and adaptive defensive tools. This paper presents a new variant of the Conserved Self Pattern Recognition Algorithm (CSPRA) called CSPRA-ID (CSPRA for Intrusion Detection). CSPRA-ID can effectively identify known intrusions by using knowledge of well-known attacks to build a conserved self pattern (APC detector), while it retains the ability to detect novel intrusions because the T detectors perform one-class classification. Furthermore, the T detectors in CSPRA-ID are generated with a novel near-deterministic scheme proposed in this paper. The near-deterministic generation scheme places each detector with a brute-force method to guarantee that the next detector is very foreign to the existing detectors. Moreover, the placement of each variable-sized detector is determined online during the Monte Carlo estimate of detector coverage, so detectors with an optimal distribution are generated without any additional optimization step. A comparative study between CSPRA-ID and a one-class SVM shows that CSPRA-ID is promising on DARPA network intrusion data in terms of detection accuracy and computational efficiency.
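The following Python sketch is an added example, not the paper's code: it illustrates the general idea of variable-sized T detectors whose placement is chosen by brute force over the same Monte Carlo sample used to estimate coverage. The feature vectors, the self radius, the `gap` scoring rule and all function names are assumptions, and the APC detector is omitted.

```python
import math
import random

# Constructed "normal traffic" vectors: two features scaled to [0, 1].
SELF = [(0.15, 0.20), (0.20, 0.15), (0.25, 0.20), (0.20, 0.25), (0.20, 0.20)]
SELF_RADIUS = 0.05  # assumed tolerance around each self sample

def self_distance(p, self_pts):
    """Distance from p to the nearest self sample."""
    return min(math.dist(p, s) for s in self_pts)

def covered(p, detectors):
    """True if p lies strictly inside any detector hypersphere."""
    return any(math.dist(p, c) < r for c, r in detectors)

def train_detectors(self_pts, self_radius, n_samples=400, target=0.95, seed=7):
    """Return (detectors, estimated coverage); a detector is (center, radius)."""
    rng = random.Random(seed)
    dim = len(self_pts[0])
    # Monte Carlo sample of the unit hypercube; keep only non-self points.
    samples = [tuple(rng.random() for _ in range(dim)) for _ in range(n_samples)]
    nonself = [p for p in samples if self_distance(p, self_pts) > self_radius]
    detectors, uncovered = [], list(nonself)
    while uncovered and 1 - len(uncovered) / len(nonself) < target:
        def gap(p):
            # Before any detector exists, prefer the point farthest from self;
            # afterwards, the point farthest outside every detector boundary.
            if not detectors:
                return self_distance(p, self_pts)
            return min(math.dist(p, c) - r for c, r in detectors)
        # Brute-force search over all still-uncovered sample points.
        center = max(uncovered, key=gap)
        # Variable size: grow the detector until it touches the self region.
        radius = self_distance(center, self_pts) - self_radius
        detectors.append((center, radius))
        uncovered = [p for p in uncovered if not covered(p, detectors)]
    return detectors, 1 - len(uncovered) / len(nonself)

def is_anomalous(x, detectors):
    """One-class decision: anything matched by a detector is non-self."""
    return covered(x, detectors)

if __name__ == "__main__":
    dets, cov = train_detectors(SELF, SELF_RADIUS)
    print(len(dets), "detectors, estimated coverage", round(cov, 3))
    print("(0.9, 0.9) anomalous:", is_anomalous((0.9, 0.9), dets))
```

Because the coverage estimate and the candidate pool are the same sample, training stops as soon as the estimated coverage reaches the target, with no separate optimization pass.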
