Towards an Immune-inspired Temporal Anomaly Detection Algorithm based on Tunable Activation Thresholds

The detection of anomalies in computer environments, like n etwork intrusion detection, computer virus or spam classification, are usually based on some form of patter n searchon a database of pre-computed “signatures” for known anomalies. Although very successful and widely de ployed, these approaches are only able to cope with anomalous events that have already been seen and classified or, with the more robust systems, anomalies that are similar to some previously seen event. To cope with these weaknesses there is a new emerging type of anomaly detection system that is “behaviour” bas ed. Although conceptually more appealing, the deployment of behaviour based systems has resulted in an imp ractical high rate of false alarms. The vertebrate Immune System is an emergent and appealing me taphor for new ideas on anomaly detection. There are some theories already adopted in particular fields , such as network intrusion detection. In this paper we present a temporal anomaly detection archit ecture based on the Grossman’s Tunable Activation Threshold (TAT) hypothesis. The basic idea is that th e repertoire of immune cells is constantly tuned according to the cells temporal interactions with the envir onment and yet retains responsiveness to an openended set of abnormal events. We describe some preliminary w ork on the development of an anomaly detection algorithm derived from TAT and present the results obta ined thus far with training and testing using some synthetic data-sets.

[1]  Z. Grossman,et al.  Tuning of activation thresholds explains flexibility in the selection and development of T cells in the thymus. , 1996, Proceedings of the National Academy of Sciences of the United States of America.

[2]  Dejan Milutinovic,et al.  Immunological self-tolerance: lessons from mathematical modeling , 2005 .

[3]  Julie Greensmith,et al.  Immune System Approaches to Intrusion Detection - A Review , 2004, ICARIS.

[4]  Jonathan Timmis,et al.  Artificial Immune Systems: A New Computational Intelligence Approach , 2003 .

[5]  Alan S. Perelson,et al.  Self-nonself discrimination in a computer , 1994, Proceedings of 1994 IEEE Computer Society Symposium on Research in Security and Privacy.

[6]  S. Sell,et al.  How the immune system works. , 1980, Medical times.

[7]  Julie Greensmith,et al.  Dendritic Cells for Anomaly Detection , 2006, 2006 IEEE International Conference on Evolutionary Computation.

[8]  Manuel Eduardo Correia,et al.  TAT-NIDS: An Immune-Based Anomaly Detection Architecture for Network Intrusion Detection , 2008, IWPACBB.

[9]  Z. Grossman,et al.  Adaptive cellular interactions in the immune system: the tunable activation threshold and the significance of subthreshold responses. , 1992, Proceedings of the National Academy of Sciences of the United States of America.

[10]  L. Sompayrac,et al.  Comprar How the Immune System Works | Lauren Sompayrac | 9781405162210 | Blackwell Publishing , 2008 .

[11]  João Pedro Pedroso,et al.  Simple Metaheuristics Using the Simplex Algorithm for Non-linear Programming , 2007, SLS.