Artificial Immune System Based Intrusion Detection: Innate Immunity using an Unsupervised Learning Approach

This paper presents an intrusion detection system architecture based on the artificial immune system concept. In this architecture, an innate immune mechanism built on unsupervised machine learning methods is proposed to perform a first-stage categorization of network traffic into “self” and “non-self”, corresponding to normal and suspicious profiles respectively. Unsupervised machine learning techniques model the hidden structure of unlabeled data without any prior knowledge. The novelty of this work is the use of these methods to provide online, real-time training for the adaptive immune system within the artificial immune system. Different unsupervised machine learning methods are investigated, and DBSCAN (density-based spatial clustering of applications with noise) is selected for use in this architecture. The adaptive immune system in the proposed architecture also takes advantage of a distributed structure, which has shown a better self-improvement rate compared to the centralized mode, and provides primary and secondary immune responses for unknown anomalies and zero-day attacks. The experimental results of the proposed architecture are presented and discussed.
