An Artificial Bioindicator System for Network Intrusion Detection

An artificial bioindicator system is developed in order to solve a network intrusion detection problem. The system, inspired by an ecological approach to biological immune systems, evolves a population of agents that learn to survive in their environment. An adaptation process allows the transformation of the agent population into a bioindicator that is capable of reacting to system anomalies. Two characteristics stand out in our proposal. On the one hand, it is able to discover new, previously unseen attacks, and on the other hand, contrary to most of the existing systems for network intrusion detection, it does not need any previous training. We experimentally compare our proposal with three state-of-the-art algorithms and show that it outperforms the competing approaches on widely used benchmark data.
