The dendritic cell algorithm

Artificial immune systems are a collection of algorithms inspired by the human immune system. Over the past 15 years, extensive research has been performed on the application of artificial immune systems to computer security. However, existing immune-inspired techniques have not performed as well as expected when applied to the detection of intruders in computer systems. This thesis describes the development of the Dendritic Cell Algorithm, a novel immune-inspired algorithm based on the function of the dendritic cells of the human immune system. In nature, dendritic cells act as anomaly detection agents, instructing the immune system to respond if stress or damage is detected. Dendritic cells are crucial in the detection and combination of ‘signals’, which provide the immune system with a sense of context. The Dendritic Cell Algorithm is based on an abstract model of dendritic cell behaviour, with the abstraction process performed in close collaboration with immunologists. The algorithm consists of components based on the key properties of dendritic cell behaviour, namely data fusion and correlation components, and uses four categories of input signal. The resultant algorithm is formally described in this thesis and is validated on a standard machine learning dataset. The validation process shows that the Dendritic Cell Algorithm can be applied to static datasets and suggests that the algorithm is suitable for the analysis of time-dependent data. The Dendritic Cell Algorithm is then further analysed and evaluated through its application to the detection of anomalous port scans. The results of this investigation show that the Dendritic Cell Algorithm can be applied to detection problems in real time. This analysis also shows that detection with this algorithm produces high rates of false positives and high rates of true positives, in addition to being robust against modification to system parameters. The limitations of the Dendritic Cell Algorithm are also evaluated and presented, including loss of sensitivity and the generation of false positives under certain circumstances. It is shown that the Dendritic Cell Algorithm can perform well as an anomaly detection algorithm and can be applied to real-world, real-time data.
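The abstract names the algorithm's building blocks (four input signal categories, a data fusion step, a correlation step that ties signals to the processes seen at the same time, and an anomaly score) without showing them in operation. The following is an added example written for this page, not code from the thesis: a minimal Python implementation of the Dendritic Cell Algorithm in the published form (PAMP, danger, safe and inflammation signals fused by a weighted sum; cells that migrate once their costimulation value passes a threshold and present the antigens they hold with a mature or semi-mature context; the per-antigen MCAV score). The weight matrix, the thresholds, the process names `pid_normal` and `pid_scanner` and the two-phase signal stream are illustrative assumptions. The scenario is built so that a normal process keeps running while a scan is active, which reproduces the false-positive mechanism the abstract mentions: the normal process is partly blamed because it shares the time window with the scan.

```python
"""A minimal Dendritic Cell Algorithm (DCA) for anomaly detection.

Added example, not code from the thesis. The structure (four signal
categories, weighted-sum signal fusion, cell migration on a costimulation
threshold, and the MCAV anomaly coefficient) follows the published DCA;
the weight values, thresholds and the synthetic data are illustrative
assumptions chosen for this demonstration.
"""
import random
from dataclasses import dataclass, field

# Assumed weight matrix. Columns are PAMP, danger and safe; each row gives
# one output: csm (costimulation), semi (semi-mature) and mat (mature).
# Safe signal suppresses the mature output, which is how concurrent normal
# activity can mask an attack (the loss of sensitivity the thesis notes).
WEIGHTS = {
    "csm":  (2.0, 1.0, 2.0),
    "semi": (0.0, 0.0, 3.0),
    "mat":  (2.0, 1.0, -3.0),
}


def fuse_signals(pamp, danger, safe, inflammation=0.0):
    """Data-fusion step: weighted sum of the three signals per output,
    amplified by the inflammation signal. Returns {csm, semi, mat}."""
    return {
        name: (wp * pamp + wd * danger + ws * safe) * (1.0 + inflammation)
        for name, (wp, wd, ws) in WEIGHTS.items()
    }


@dataclass
class DendriticCell:
    threshold: float                      # migration threshold on csm
    csm: float = 0.0
    semi: float = 0.0
    mat: float = 0.0
    antigens: list = field(default_factory=list)

    def reset(self):
        self.csm = self.semi = self.mat = 0.0
        self.antigens = []


class DCA:
    def __init__(self, n_cells=10, thresholds=(50.0, 150.0), seed=1):
        self.rng = random.Random(seed)
        self.cells = [DendriticCell(self.rng.uniform(*thresholds))
                      for _ in range(n_cells)]
        # antigen -> [times presented as mature, times presented in total]
        self.presentations = {}

    def step(self, antigen, pamp, danger, safe, inflammation=0.0):
        """One time step: one cell samples the antigen, every cell
        accumulates the current signals, and any cell over its threshold
        migrates and presents the antigens it holds with one context."""
        fused = fuse_signals(pamp, danger, safe, inflammation)
        self.rng.choice(self.cells).antigens.append(antigen)
        for cell in self.cells:
            cell.csm += fused["csm"]
            cell.semi += fused["semi"]
            cell.mat += fused["mat"]
            if cell.csm >= cell.threshold:
                mature = cell.mat > cell.semi      # correlation step
                for ag in cell.antigens:
                    counts = self.presentations.setdefault(ag, [0, 0])
                    counts[0] += int(mature)
                    counts[1] += 1
                cell.reset()

    def mcav(self):
        """Mature Context Antigen Value per antigen: the fraction of its
        presentations that carried a mature (anomalous) context."""
        return {ag: m / t for ag, (m, t) in self.presentations.items() if t}


def run_demo(mcav_threshold=0.5):
    """Constructed scenario: 100 steps of ordinary activity, then 100 steps
    during which a scanning process is active alongside the normal one.
    Returns (mcav_per_antigen, set_of_antigens_flagged_anomalous)."""
    dca = DCA()
    for _ in range(100):
        # Quiet period: low danger, high safe signal.
        dca.step("pid_normal", pamp=0.0, danger=1.0, safe=10.0)
    for _ in range(100):
        # Scan period: PAMP and danger dominate; the normal process keeps
        # running and is partly blamed because it shares the time window.
        antigen = "pid_scanner" if dca.rng.random() < 0.7 else "pid_normal"
        dca.step(antigen, pamp=10.0, danger=5.0, safe=2.0)
    scores = dca.mcav()
    flagged = {ag for ag, v in scores.items() if v > mcav_threshold}
    return scores, flagged


if __name__ == "__main__":
    scores, flagged = run_demo()
    for ag, v in sorted(scores.items()):
        print(f"{ag}: MCAV={v:.2f}")
    print("anomalous:", sorted(flagged))
```

Running the script prints an MCAV close to 1 for `pid_scanner` and a low but non-zero value for `pid_normal`; the non-zero part is the false-positive effect, since the normal process was sampled by cells that matured during the scan window. Raising the safe signal during the scan phase drives the mature output negative and the scanner's MCAV down, which is the loss of sensitivity the abstract describes.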