Artificial Immune Systems in Intrusion Detection

The biological immune system (BIS) is a complex network of specialized tissues, organs, cells, and chemicals. Its main function is to recognize the presence of strange elements in the body and respond to eliminate or neutralize the foreign invaders. All living organisms are exposed to many different microorganisms and viruses that are capable of causing illness. These microorganisms are called pathogens. In general, organisms try to protect against pathogens using different mechanisms including high temperature, low pH, and chemicals that repel or kill the invaders. More advanced organisms (vertebrates) have developed an efficient defense mechanism called the immune system [26]. Substances that can stimulate specific responses of the immune system are commonly referred to as antigens (pathogens usually act as antigens). To be effective, the immune system must respond only to foreign antigens; therefore, it should be able to distinguish between the self (cells, proteins, and in general, any molecule that belongs to or is produced by the body) and the nonself (antigens) [7]. The self/nonself discrimination is an essential characteristic of the immune system because the outcome of an inappropriate response to self-molecules can be fatal.

[1] Eamonn J. Keogh, et al. Finding surprising patterns in a time series database in linear time and space, 2002, KDD.

[2] Peter E. Hart, et al. Nearest neighbor pattern classification, 1967, IEEE Trans. Inf. Theory.

[3] Fabio A. González, et al. An immunity-based technique to characterize intrusions in computer networks, 2002, IEEE Trans. Evol. Comput.

[4] N. K. Jerne. Towards a network theory of the immune system, 1974.

[5] C. Janeway. Immunobiology: The Immune System in Health and Disease, 1996.

[6] Alan S. Perelson, et al. Self-nonself discrimination in a computer, 1994, Proceedings of 1994 IEEE Computer Society Symposium on Research in Security and Privacy.

[7] Catherine Blake, et al. UCI Repository of machine learning databases, 1998.

[8] P. Marrack, et al. T cell tolerance by clonal elimination in the thymus, 1987, Cell.

[9] N. K. Jerne, et al. Clonal selection in a lymphocyte network, 1974, Society of General Physiologists series.

[10] Dipankar Dasgupta, et al. Tool Breakage Detection in Milling Operations using a Negative-Selection Algorithm, 1995.

[11] L. Segel, et al. Design Principles for the Immune System and Other Distributed Autonomous Systems, 2001.

[12] Ron Kohavi, et al. The Case against Accuracy Estimation for Comparing Induction Algorithms, 1998, ICML.

[13] Peter J. Bentley, et al. An evaluation of negative selection in an artificial immune system for network intrusion detection, 2001.

[14] Stephanie Forrest, et al. Coverage and Generalization in an Artificial Immune System, 2002, GECCO.

[15] Jon Louis Bentley, et al. An Algorithm for Finding Best Matches in Logarithmic Expected Time, 1976, TOMS.

[16] Stephanie Forrest, et al. Revisiting LISYS: parameters and normal behavior, 2002, Proceedings of the 2002 Congress on Evolutionary Computation. CEC'02 (Cat. No.02TH8600).

[17] Stephanie Forrest, et al. Architecture for an Artificial Immune System, 2000, Evolutionary Computation.

[18] Dipankar Dasgupta. An Overview of Artificial Immune Systems and Their Applications, 1993.

[19] Peter J. Bentley, et al. Towards an artificial immune system for network intrusion detection: an investigation of dynamic clonal selection, 2002, Proceedings of the 2002 Congress on Evolutionary Computation. CEC'02 (Cat. No.02TH8600).

[20] D. Dasgupta. Artificial Immune Systems and Their Applications, 1998, Springer Berlin Heidelberg.

[21] A. Coutinho, et al. The self-nonself discrimination and the nature and acquisition of the antibody repertoire, 1980, Annales d'immunologie.

[22] Dipankar Dasgupta. Immunity-Based Intrusion Detection System: A General Framework, 1999.

[23] Stephanie Forrest, et al. Detector coverage under the r-contiguous bits matching rule, 2002.

[24] Dipankar Dasgupta, et al. Novelty detection in time series data using ideas from immunology, 1996.

[25] Andrew M. Tyrrell. Computer Know Thy Self!: A Biological Way to Look at Fault-Tolerance, 1999, EUROMICRO.

[26] Rogério de Lemos, et al. Negative Selection: How to Generate Detectors, 2002.

[27] Jon Louis Bentley, et al. K-d trees for semidynamic point sets, 1990, SCG '90.

[28] Paul Helman, et al. An immunological approach to change detection: algorithms, analysis and implications, 1996, Proceedings 1996 IEEE Symposium on Security and Privacy.

[29] Jon Louis Bentley, et al. Multidimensional binary search trees used for associative searching, 1975, CACM.

[30] Sunil Arya, et al. ANN: library for approximate nearest neighbor searching, 1998.

[31] Eugene H. Spafford, et al. Applying Genetic Programming to Intrusion Detection, 1995.

[32] J. Bell, et al. The human T cell receptor in health and disease, 1992, Annual review of immunology.

[33] N. K. Jerne, et al. Towards a network theory of the immune system, 1973, Annales d'immunologie.

[34] Ralph R. Martin, et al. A Sequential Niche Technique for Multimodal Function Optimization, 1993, Evolutionary Computation.

[35] Fabio A. González, et al. An immuno-fuzzy approach to anomaly detection, 2003, The 12th IEEE International Conference on Fuzzy Systems, 2003. FUZZ '03.

[36] C. Janeway. How the immune system recognizes invaders, 1993, Scientific American.

[37] D. Dasgupta, et al. Evolving complex fuzzy classifier rules using a linear tree genetic representation, 2001.

[38] P. Helman, et al. A formal framework for positive and negative detection schemes, 2004, IEEE Transactions on Systems, Man, and Cybernetics, Part B (Cybernetics).

[39] T. Kepler, et al. Somatic hypermutation in B cells: an optimal control treatment, 1993, Journal of theoretical biology.