Skip to main content
Disciplines
Automotive Business IT + Informatics Construction + Real Estate Electrical Engineering + Electronics Energy + Sustainability Insurance + Risk Finance + Banking Management + Leadership Marketing + Sales Mechanical Engineering + Materials
Events
DE
EN
Books
Journals
Topic Page
Marketing
Start single access now
Access for companies
EXTENDED SEARCH
Log in
Top
Evolutionary Intelligence
Published in: Evolutionary Intelligence 3/2014

01-02-2014 | Special Issue

A fast anomaly detection system using probabilistic artificial immune algorithm capable of learning new attacks

Authors: Mahdi Mohammadi, Ahmad Akbari, Bijan Raahemi, Babak Nassersharif, Hassan Asgharian

Published in: Evolutionary Intelligence | Issue 3/2014

Log in

Activate our intelligent search to find suitable subject content or patents.

search-config
loading …

Abstract

In this paper, we propose anomaly based intrusion detection algorithms in computer networks using artificial immune systems, capable of learning new attacks. Unique characteristics and observations specific to computer networks are considered in developing faster algorithms while achieving high performance. Although these characteristics play a key role in the proposed algorithms, we believe they have been neglected in the previous related works. We evaluate the proposed algorithms on a number of well-known intrusion detection datasets, as well as two new real datasets extracted from the data networks for intrusion detection. We analyze the detection performance and learning capabilities of the proposed algorithms, in addition to performance criteria such as false alarm rate, detection rate, and response time. The experimental results demonstrate that the proposed algorithms exhibit fast response time, low false alarm rate, and high detection rate. They can also learn new attack patterns, and identify them the next time they are introduced to the network.
next article Improved thresholding based on negative selection algorithm (NSA)

Dont have a licence yet? Then find out more about our products and how to get one now:

Springer Professional "Wirtschaft+Technik"

Online-Abonnement

Mit Springer Professional "Wirtschaft+Technik" erhalten Sie Zugriff auf:

  • über 102.000 Bücher
  • über 537 Zeitschriften

aus folgenden Fachgebieten:

  • Automobil + Motoren
  • Bauwesen + Immobilien
  • Business IT + Informatik
  • Elektrotechnik + Elektronik
  • Energie + Nachhaltigkeit
  • Finance + Banking
  • Management + Führung
  • Marketing + Vertrieb
  • Maschinenbau + Werkstoffe
  • Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

inform now

Springer Professional "Technik"

Online-Abonnement

Mit Springer Professional "Technik" erhalten Sie Zugriff auf:

  • über 67.000 Bücher
  • über 390 Zeitschriften

aus folgenden Fachgebieten:

  • Automobil + Motoren
  • Bauwesen + Immobilien
  • Business IT + Informatik
  • Elektrotechnik + Elektronik
  • Energie + Nachhaltigkeit
  • Maschinenbau + Werkstoffe




 

Jetzt Wissensvorsprung sichern!

inform now

Springer Professional "Wirtschaft"

Online-Abonnement

Mit Springer Professional "Wirtschaft" erhalten Sie Zugriff auf:

  • über 67.000 Bücher
  • über 340 Zeitschriften

aus folgenden Fachgebieten:

  • Bauwesen + Immobilien
  • Business IT + Informatik
  • Finance + Banking
  • Management + Führung
  • Marketing + Vertrieb
  • Versicherung + Risiko




Jetzt Wissensvorsprung sichern!

inform now
Appendix
Available only for authorised users
Literature
1.
Shon T, Moon J (2007) A hybrid machine learning approach to network anomaly detection. Inf Sci 177:3799–3821CrossRef
2.
Zhou Z, Leckie C, Karunasekera S (2010) A survey of coordinated attacks and collaborative intrusion detection. Comput Security 29:124–140CrossRef
3.
Teodoro P, Verdejo J, Fernandez G, Va′zquez E (2009) Anomaly-based network intrusion detection: techniques, systems and challenges. Comput Secuity 28:18–28CrossRef
4.
Axelsson S (1999) Research in intrusion detection systems: a survey. Technical Report TR 98-17. Chalmers University of Technology, Goteborg, Sweden
5.
Debar H, Dacier M, Wespi A (2000) A revised taxonomy for intrusion detection systems. Ann Télécommun 55(7–8):361–378
6.
Masri W, Podgurski A (2008) Application-based anomaly intrusion detection with dynamic information flow analysis. Comput Security 27:176–187CrossRef
7.
Twycross J, Aickelin U (2006) Libtissue—implementing innate immunity. In: Aickelin U (ed) Proceedings of the IEEE congress on evolutionary, computation (CEC’06). Vancouver, Canada, pp 16–21
8.
Luther K, Bye R, Alpcan T, Muller A, Albayrak S (2007) A cooperative ais framework for intrusion detection. In: IEEE international conference on communications (ICC’07), Glasgow, Scotland, 4–28 June 2007, pp 1409–1416
9.
Kim J (2003) Integrating artificial immune algorithms for intrusion detection, PhD Thesis, Department of Computer Science, University College London
10.
Kim J, Bentley P (2002) Towards an artificial immune system for network intrusion detection: an investigation of dynamic clonal selection. In: Fogel DB, El-Sharkawi MA, Yao X, Greenwood G, Iba H, Marrow P, Shackleton M (eds) Proceedings of the IEEE congress on evolutionary computation (CEC’02), vol 2, Honolulu, HI, USA, 12–17 May 2002. IEEE Press, pp 1015–1020
11.
Liu F, Qu B, Chen R (2004) Intrusion detection based on immune clonal selection algorithms. In: Webb GI, Yu X (eds) AI 2004: advances in artificial intelligence, volume 3339 of lecture notes in computer science. Springer, Berlin, pp 1226–1232
12.
Xian J, Lang F, Tang X (2005) A novel intrusion detection method based on clonal selection clustering algorithm. In: Proceedings of 2005 international conference on machine learning and cybernetics, vol 6, 18–21 August 2005, pp 3905–3910
13.
Ye N, Emran S, Chen Q, Vilbert S (2002) Multivariate statistical analysis of audit trails for host-based intrusion detection. IEEE Trans Comput 51(7):810–820CrossRef
14.
Kerkar R, Srinivas S (2009) Knowledge-based systems. Jones & Bartlett Publishers, Sudbury
15.
Burbeck K, Tehrani A (2004) Adwice—anomaly detection with real-time incremental clustering. Inf Security Cryptol 3506:407–424
16.
Borah B, Bhattacharyya D (2008) Catsub: a technique for clustering categorical data based on subspace. J Comput Sci 2:7–20
17.
Khan L, Awad M, Thuraisingham B (2007) A new intrusion detection system using support vector machines and hierarchical clustering. Int J Very Large Data Bases 16:507–552
18.
Gaddam S, Phoha V, Balagani K (2007) K-means + id3: a novel method for supervised anomaly detection by cascading k-means clustering and id3 decision tree learning methods. IEEE Trans Knowl Data Eng 19(3):345–354CrossRef
19.
Holland J (1975) Adaptation in natural and artificial systems. University of Michigan Press, Ann Arbor
20.
Glover F (1977) Heuristic for integer programming using surrogate constraints. Decis Sci 8(1):156–166CrossRef
21.
22.
Mohammadi M, Raahemi R, Akbari A, Nassersharif B, Moeinzadeh H (2011) Improving linear discriminant analysis with artificial immune system-based evolutionary algorithms. Inf Sci 189:219–232CrossRef
23.
Zhao W, Davis W (2011) A modified artificial immune system based pattern recognition approach an application to clinical diagnostics. Artif Intell Med 52(1):1–9CrossRef
24.
Polat K, Güneş S, Tosun S (2006) Diagnosis of heart disease using artificial immune recognition system and fuzzy weighted pre-processing. Pattern Recogn 39(11):2186–2193CrossRef
25.
Zhou J, Dasgupta D (2004) Real-valued negative selection algorithm with variable-sized detectors, LNCS 3102. In: Proceedings of GECCO, pp 287–298
26.
Bolón-Canedo V, Sánchez-Maroño N, Betanzos A (2011) Feature selection and classification in multiple class datasets: an application to KDDCup99 dataset. Expert Syst Appl 38(5):5947–5957CrossRef
27.
28.
Toosi AN, Kahani M (2007) A new approach to intrusion detection based on an evolutionary soft computing model using neuro-fuzzy classifiers. Comput Commun 30(10):2201–2212CrossRef
29.
Mahbod T, Ebrahim B, Wei L, Ali AG (2009) A detailed analysis of the KDD CUP 99 data set in proceeding of computational intelligence in security and defense application
30.
McHugh J (2000) Testing intrusion detection systems: a critique of the 1998 and 1999 darpa intrusion detection system evaluations as performed by Lincoln laboratory. ACM Trans Inf Syst Security 3:262–294CrossRef
31.
Botta A, Dainotti A, Pescapè A (2012) A tool for the generation of realistic network workload for emerging networking scenarios. Comput Netw 56(15):3531–3547CrossRef
32.
Asgharian Z, Asgharian H, Akbari A, Raahemi B (2011) A framework for SIP intrusion detection and response systems. Computer networks and distributed systems (CNDS), pp 100–105
33.
Asgharian Z, Asgharian H, Akbari A, Raahemi B (2012) Detecting denial of service attacks on sip based services and proposing solutions. Intrusion Detect Response Technol Protect Netw 6:145–167
34.
Nassar M, State R, Festor O (2010) Labeled VoIP data-set for intrusion detection evaluation. Conference on Networked services and applications: engineering, control and management (EUNICE’10), pp 97–106
35.
Nassar M, State R, Festor O (2008) Monitoring SIP traffic using support vector machines. In: Proceedings of the 11th international symposium on recent advances in intrusion detection (RAID ‘08), pp 311–330
36.
Nassar M, State R, Festor O (2009) VoIP malware: attack tool & attack scenarios, ICC ‘09. IEEE international conference on communications, pp 1–6
37.
38.
Metadata
Title
A fast anomaly detection system using probabilistic artificial immune algorithm capable of learning new attacks
Authors
Mahdi Mohammadi
Ahmad Akbari
Bijan Raahemi
Babak Nassersharif
Hassan Asgharian
Publication date
01-02-2014
Publisher
Springer Berlin Heidelberg
Published in
Evolutionary Intelligence / Issue 3/2014
Print ISSN: 1864-5909
Electronic ISSN: 1864-5917
DOI
https://doi.org/10.1007/s12065-013-0101-3

Premium Partner

    Image Credits