Dendritic Cells for Anomaly Detection

Artificial immune systems, more specifically the negative selection algorithm, have previously been applied to intrusion detection. The aim of this research is to develop an intrusion detection system based on a novel concept in immunology, the Danger Theory. Dendritic Cells (DCs) are antigen-presenting cells and key to the activation of the human immune system. DCs perform the vital role of combining signals from the host tissue and correlating these signals with proteins known as antigens. In algorithmic terms, individual DCs perform multi-sensor data fusion based on time windows. The whole population of DCs asynchronously correlates the fused signals with a secondary data stream. The behaviour of human DCs is abstracted to form the DC Algorithm (DCA), which is implemented using an immune-inspired framework, libtissue. This system is used to detect context switching for a basic machine learning dataset and to detect outgoing portscans in real time. Experimental results show a significant difference between an outgoing portscan and normal traffic.
