Intrusion detection based on the artificial immune system

  • Danijela D. Protić, Serbian Armed Forces, General Staff, Department for Telecommunication and Informatics (Ј-6), Center for Applied Mathematics and Electronics, Belgrade, Republic of Serbia, http://orcid.org/0000-0003-0827-2863
Keywords: artificial immune system, intrusion detection

Abstract


Introduction/purpose: The artificial immune system is a computational model inspired by the biological or human immune system. Two aspects are of particular interest in artificial immune systems: the way the human body reacts to new pathogens and adapts to remain immune for a long period after a disease has been combated, which corresponds to the recognition of known malicious attacks; and the way the immune system identifies self-cells that must not be reacted to, which corresponds to anomaly detection.

Methods: Negative selection, positive selection, clonal selection, immune networks, danger theory, and the dendritic cell algorithm are presented.

Results: A variety of algorithms and models related to artificial immune systems and two classification principles are presented: one based on the detection of a particular attack and the other based on anomaly detection.

Conclusion: Artificial immune systems are often used in intrusion detection since they are accurate and fast. Experiments show that the models can be used for both known-attack detection and anomaly detection. Eager machine learning classifiers give better decision results, which is an advantage if runtime is not a significant parameter. Dendritic cell and negative selection algorithms show better results for real-time detection.
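
The negative selection method named above, applied to anomaly detection through self recognition, is sketched here as an added example; it is not code from the paper. Assumptions: the 8-bit encoding of four feature buckets, the match length R = 4, the constructed "normal" records, and exhaustive rather than random candidate generation.

```python
from itertools import product

R = 4  # r-contiguous match length (assumed value for this example)

def encode(record):
    """Encode four feature buckets (each 0..3) as an 8-bit string."""
    return "".join(format(bucket, "02b") for bucket in record)

def matches(a, b, r=R):
    """r-contiguous rule: a and b agree on r consecutive positions."""
    return any(a[i:i + r] == b[i:i + r] for i in range(len(a) - r + 1))

def train_detectors(self_set, length=8, r=R):
    """Negative selection: discard every candidate that matches a self string."""
    candidates = ("".join(bits) for bits in product("01", repeat=length))
    return [d for d in candidates
            if not any(matches(d, s, r) for s in self_set)]

def is_anomalous(sample, detectors, r=R):
    """A sample is non-self if at least one surviving detector matches it."""
    return any(matches(d, sample, r) for d in detectors)

# Constructed sample data: (duration, bytes, service, flag) buckets of
# connection records observed during normal operation (the "self" set).
NORMAL = [(0, 1, 0, 0), (0, 1, 1, 0), (1, 1, 0, 0), (0, 2, 0, 0), (1, 2, 1, 0)]
SELF = [encode(rec) for rec in NORMAL]
DETECTORS = train_detectors(SELF)

def classify(record):
    """Return 'anomaly' or 'normal' for a bucketed connection record."""
    return "anomaly" if is_anomalous(encode(record), DETECTORS) else "normal"

if __name__ == "__main__":
    print(len(DETECTORS), "detectors survive negative selection")
    # Seen normal record, unseen record built from normal windows, outlier.
    for rec in [(0, 1, 0, 0), (1, 1, 1, 0), (3, 3, 3, 3)]:
        print(rec, encode(rec), classify(rec))
```

The unseen record (1, 1, 1, 0) is accepted because each of its 4-bit windows occurs at the same position in some self string, so no detector can cover it. The same generalization leaves undetectable regions of non-self, which is why the self set and R need tuning against labelled traffic.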


Published
2020/07/25
Section
Original Scientific Papers