An Immunogenetic Technique To Detect Anomalies In Network Traffic

The paper describes an immunogenetic approach that can detect a wide variety of intrusive activities on networked computers. In particular, the technique is inspired by the negative selection mechanism of the immune system, which can detect foreign patterns in the complement (non-self) space. The novel pattern detectors (in the complement space) are evolved using a genetic search, and can differentiate varying degrees of abnormality in network traffic. The paper demonstrates the usefulness of such a technique in intrusion/anomaly detection. A number of experiments are performed and validated using intrusion detection data sets (DARPA IDS evaluation program). Some results are reported along with their analysis and concluding remarks.
