Attack detection based on the artificial immune system

  • Danijela D. Protić, Serbian Armed Forces, General Staff, Department for Telecommunications and Informatics (J-6), Centre for Applied Mathematics and Electronics, Belgrade, Republic of Serbia http://orcid.org/0000-0003-0827-2863
Keywords: artificial immune system, intrusion detection

Abstract


Introduction/purpose: The artificial immune system (AIS) is inspired by the biological immune system, which distinguishes the body's own cells from those that are not its own. What makes it interesting for AIS is the way the body reacts to pathogens and adapts to remain immune for a longer period. This concerns the recognition of a known attack and the way the immune system identifies its own cells, to which it should not react, as well as the detection of anomalies.

Methods: The methods of negative and positive selection are presented, followed by cloning, immune networks, danger theory and the dendritic cell algorithm.

Results: Models related to AIS are presented, together with two classification principles: one based on the detection of a specific attack and the other on the detection of an anomaly.

Conclusion: Artificial immune systems are used for detecting intrusions into computer networks because they are accurate and fast. Experiments on different datasets show that the models can be used to detect attacks or anomalies. Classifiers based on machine learning show better decision results, which is a major advantage if processing time is not a significant parameter. Dendritic cell algorithms and negative selection algorithms show better results for real-time detection.


Published
2020/07/25
Section
Original scientific papers