Negative Selection with Antigen Feedback in Intrusion Detection

  • Conference paper
Artificial Immune Systems (ICARIS 2008)

Part of the book series: Lecture Notes in Computer Science (LNTCS, volume 5132)

Abstract

One of the major challenges for negative selection is generating effective detectors efficiently. Past experiments show that random generation fails to produce useful detectors within an acceptable time. In this paper, we propose an antigen feedback mechanism for generating the detectors. For an unmatched antigen, we make a copy of the antigen and treat it the same as a newly, randomly generated antibody: it goes through the same maturing process and is subject to elimination due to self matching. If it survives and is then activated by more antigens, it becomes a legitimate detector. Our experiment demonstrates that the antigen feedback mechanism provides an efficient way to generate enough effective detectors within a very short period of time. With the antigen feedback mechanism, we achieved a 95.21% detection rate on attack strings, with a 4.79% false negative rate, and a 99.21% detection rate on normal strings, with a 0.79% false positive rate. In this paper, we also introduce Arisytis – Artificial Immune System Tool Kits – a project we are undertaking not only for our own experiment but also to spare research communities in the same area the waste of repeatedly developing similar software. Arisytis is available in the public domain. Finally, we also discuss the effectiveness of the r-continuous bits match and its impact on data presentation.
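The feedback loop described in the abstract, as an added sketch that is not the paper's or Arisytis's code. The class name, the fixed self set, the activation threshold of 2, r = 6 and the 8-bit strings are all assumptions chosen so the run can be followed by hand.

```python
def r_contiguous_match(a, b, r):
    """True if equal-length bit strings agree in at least r contiguous positions."""
    run = 0
    for x, y in zip(a, b):
        run = run + 1 if x == y else 0
        if run >= r:
            return True
    return False


class FeedbackDetectors:
    """Detector population seeded from unmatched antigens (hypothetical class)."""

    def __init__(self, self_set, r, activation_threshold):
        self.self_set = list(self_set)
        self.r = r
        self.activation_threshold = activation_threshold  # assumed parameter
        self.immature = {}   # candidate bit string -> activations so far
        self.mature = set()  # legitimate detectors

    def _hits(self, pool, s):
        return [d for d in pool if r_contiguous_match(d, s, self.r)]

    def present(self, antigen):
        """Present one antigen; return True if a mature detector flags it."""
        if self._hits(self.mature, antigen):
            return True
        activated = self._hits(self.immature, antigen)
        for cand in activated:
            self.immature[cand] += 1
            if self.immature[cand] >= self.activation_threshold:
                del self.immature[cand]
                self.mature.add(cand)
        if not activated and not self._hits(self.self_set, antigen):
            # Antigen feedback: the unmatched antigen itself becomes a candidate.
            # A copy that matches self is eliminated here (negative selection).
            self.immature[antigen] = 0
        return bool(self._hits(self.mature, antigen))


# Constructed 8-bit sample data, not taken from the paper.
SELF = ["00000000", "00001111", "11110000"]
STREAM = ["10101010", "10101011", "00000011", "10101000", "00101010", "00000000"]


def run_demo():
    pop = FeedbackDetectors(SELF, r=6, activation_threshold=2)
    flags = [pop.present(s) for s in STREAM]
    return flags, sorted(pop.mature), sorted(pop.immature)
```

In this sketch a normal string that the self set does not cover would be copied and promoted the same way, so the coverage of the self set bounds the false positive rate.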

Editor information

Peter J. Bentley Doheon Lee Sungwon Jung

Copyright information

© 2008 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Ma, W., Tran, D., Sharma, D. (2008). Negative Selection with Antigen Feedback in Intrusion Detection. In: Bentley, P.J., Lee, D., Jung, S. (eds) Artificial Immune Systems. ICARIS 2008. Lecture Notes in Computer Science, vol 5132. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-85072-4_18

  • DOI: https://doi.org/10.1007/978-3-540-85072-4_18

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-85071-7

  • Online ISBN: 978-3-540-85072-4

  • eBook Packages: Computer Science, Computer Science (R0)
