A Negative Selection Approach to Intrusion Detection

An negative selection algorithm is presented for intrusion detection tasks for systems with arbitrary diversity. This algorithm uses two types of agents, detectors and presenters. Presenters present information to detectors; detectors are selected to engage in a maximally frustrated dynamics when presenters present data from a reference state. We show that if presenters present information that has never been available during the selection stage, then presenters engage in a less frustrated dynamics and their abnormal presentation can be detected. The performance of our algorithm is independent of the dimension of the space, i.e., the length of information presented by presenters, and hence does not suffer from the dimensionality curse accompanying current methods.

[1]  Alan S. Perelson,et al.  Self-nonself discrimination in a computer , 1994, Proceedings of 1994 IEEE Computer Society Symposium on Research in Security and Privacy.

[2]  Chris Aldrich,et al.  Detecting change in dynamic process systems with immunocomputing , 2007 .

[3]  Shu-Ching Chen,et al.  A Distributed Agent-Based Approach to Intrusion Detection Using the Lightweight PCC Anomaly Detection Classifier , 2006, SUTC.

[4]  Stephanie Forrest,et al.  Infect Recognize Destroy , 1996 .

[5]  Fuqiang Wang,et al.  Embedded Fingerprint Identification System Based on DSP Chip , 2011, CSISE.

[6]  Jonathan Timmis,et al.  Theoretical advances in artificial immune systems , 2008, Theor. Comput. Sci..

[7]  Dipankar Dasgupta,et al.  Immunological Computation: Theory and Applications , 2008 .

[8]  Julie Greensmith,et al.  Information fusion for anomaly detection with the dendritic cell algorithm , 2010, Inf. Fusion.

[9]  Claudia Eckert,et al.  On the Use of Hyperspheres in Artificial Immune Systems as Antibody Recognition Regions , 2006, ICARIS.

[10]  Michal Bereta,et al.  Immune K-means and negative selection algorithms for data analysis , 2009, Inf. Sci..

[11]  T. McKeithan,et al.  Kinetic proofreading in T-cell receptor signal transduction. , 1995, Proceedings of the National Academy of Sciences of the United States of America.

[12]  Zhou Ji,et al.  Revisiting Negative Selection Algorithms , 2007, Evolutionary Computation.

[13]  Marc Dacier,et al.  Towards a taxonomy of intrusion-detection systems , 1999, Comput. Networks.

[14]  André Machado Lindo,et al.  Tunable kinetic proofreading in a model with molecular frustration , 2011, Theory in Biosciences.

[15]  F. V. de Abreu,et al.  Maximal frustration as an immunological principle , 2009, Journal of The Royal Society Interface.

[16]  Fernão Vístulo de Abreu,et al.  Cellular Frustration: A New Conceptual Framework for Understanding Cell-Mediated Immune Responses , 2006, ICARIS.

[17]  Dawei Wang,et al.  Anomaly Detection Using Neighborhood Negative Selection , 2011, Intell. Autom. Soft Comput..

[18]  Peter J. Bentley,et al.  Negative selection within an artificial immune system for network intrusion detection , 2000 .

[19]  Julie Greensmith,et al.  Immune system approaches to intrusion detection – a review , 2004, Natural Computing.

[20]  A. Abbas,et al.  Basic Immunology : Functions and Disorders of the Immune System , 2001 .