Abstract
One of the major challenges for negative selection is to efficiently generate effective detectors. The experiment in the past shows that random generation fails to generate useful detectors within acceptable time duration. In this paper, we propose an antigen feedback mechanism for generating the detectors. For an unmatched antigen, we make a copy of the antigen and treat it the same as a newly randomly generated antibody: it goes through the same maturing process and is subject to elimination due to self matching. If it survives and is then activated by more antigens, it becomes a legitimate detector. Our experiment demonstrates that the antigen feedback mechanism provides an efficient way to generate enough effective detectors within a very short period of time. With the antigen feedback mechanism, we achieved 95.21% detection rate on attack strings, with 4.79% false negative rate, and 99.21% detection rate on normal strings, 0.79% false positive. In this paper, we also introduce Arisytis – Artificial Immune System Tool K it s – a project we are undertaking for not only our own experiment, but also the research communities in the same area to avoid the waste on repeatedly developing similar software. Arisytis is available on the public domain. Finally, we also discuss the effectiveness of the r-continuous bits match and its impact on data presentation.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Preview
Unable to display preview. Download preview PDF.
References
Forrest, S., Hofmeyr, S.A., et al.: A sense of self for Unix processes. In: IEEE Symposium on Security and Privacy, Oakland, CA, USA (1996)
Timmis, J.: Artificial immune systems - today and tomorrow. Natural Computing: an international journal 6(1), 1–18 (2007)
Dasgupta, D.: Advances in artificial immune systems. IEEE Computational Intelligence Magazine 1(4), 40–49 (2006)
Garrett, S.M.: How Do We Evaluate Artificial Immune Systems? Evolutionary Computation 13(2), 145–177 (2005)
Dasgupta, D., Ji, Z., Gonzalez, F.: Artificial immune system (AIS) research in the last five years. In: The 2003 Congress on Evolutionary Computation (CEC 2003). IEEE Press, Los Alamitos (2003)
Hofmeyr, S.A., Forrest, S.: Immunity by Design: An Artificial Immune System. In: Proceedings of the Genetic and Evolutionary Computation Conference (GECCO 1999), Orlando, Florida. Morgan Kaufmann, USA (1999)
Hofmeyr, S.A., Forrest, S.: Architecture for an Artificial Immune System. Evolutionary Computation 8(4), 443–473 (2000)
Hart, E., Timmis, J.: Application Areas of AIS: The Past, The Present and The Future. In: Jacob, C., Pilat, M.L., Bentley, P.J., Timmis, J.I. (eds.) ICARIS 2005. LNCS, vol. 3627. Springer, Heidelberg (2005)
Forrest, S., Perelson, A.S., et al.: Self-Nonself Discrimination in a Computer. In: Proceedings of the 1994 IEEE Symposium on Research in Security and Privacy, Oakland, CA, USA. IEEE Computer Society Press, Los Alamitos (1994)
Hofmeyr, S.A., Forrest, S., Somayaji, A.: Intrusion Detection Using Sequences of System Calls. Journal of Computer Security 6, 151–180 (1998)
Hofmeyr, S.: An Immunology Model of Distributed Detection and Its Application to Computer Security. Department of Computer Science, University of New Mexico, USA (1999)
Castro, L.N.D., Timmis, J.: Artificial Immune Systems: A New Computational Intelligence Approach. Springer, Heidelberg (2002)
Balthrop, J., Forrest, S., Glickman, M.R.: Revisiting LISYS: Parameters and normal behavior. In: Proceedings of the Congress on Evolutionary Computing (CEC-2002) (2002)
Gabrielli, N., Rigodanzo, M.: An Artificial Immune System for Network Intrusion. Detection on a Web Server: First Results. In: Proceedings of the 2nd Italian Workshop on Evolutionary Computation (GSICE 2006) (2006)
Gonzalez, F.A., Dasgupta, D.: Anomaly Detection Using Real-Valued Negative Selection. Genetic Programming and Evolvable Machines 4(4), 383–403 (2003)
Ji, Z., Dasgupta, D.: Revisiting Negative Selection Algorithms. Evolutionary Computation 15(2), 223–251 (2007)
Kim, J., Bentley, P.: An evaluation of negative selection in an artificial immune system for network intrusion detection. In: Proceedings of GECCO 2001 (2001)
ACM. KDD CUP 1999 data. [cited 12 January 2007], http://kdd.ics.uci.edu//databases/kddcup99/kddcup99.html
DARPA. DARPA Intrusion Detection Evaluation Data Sets. 1999 [cited 2006 15 October 2006], http://www.ll.mit.edu/IST/ideval/data/data_index.html
Stolfo, S.J., Fan, W., et al.: Cost-based Modeling and Evaluation for Data Mining With Application to Fraud and Intrusion Detection: Results from the JAM Project. In: Proceedings of 2000 DARPA Information Survivability Conference and Exposition (2000)
Ma, W., Tran, D., Sharma, D.: A Study on the Feature Selection of Network Traffic for Intrusion Detection Purpose. In: The Proceedings of IEEE International Conference on Intelligence and Security Informatics (ISI 2008) (to be published, 2008)
Author information
Authors and Affiliations
Editor information
Rights and permissions
Copyright information
© 2008 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Ma, W., Tran, D., Sharma, D. (2008). Negative Selection with Antigen Feedback in Intrusion Detection. In: Bentley, P.J., Lee, D., Jung, S. (eds) Artificial Immune Systems. ICARIS 2008. Lecture Notes in Computer Science, vol 5132. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-85072-4_18
Download citation
DOI: https://doi.org/10.1007/978-3-540-85072-4_18
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-85071-7
Online ISBN: 978-3-540-85072-4
eBook Packages: Computer ScienceComputer Science (R0)