nach oben

Evolutionary Intelligence

Erschienen in:

01.06.2008 | Research Paper

The DCA: SOMe comparison

A comparative study between two biologically inspired algorithms

verfasst von: Julie Greensmith, Jan Feyereisl, Uwe Aickelin

Erschienen in: Evolutionary Intelligence | Ausgabe 2/2008

Einloggen

Aktivieren Sie unsere intelligente Suche, um passende Fachinhalte oder Patente zu finden.

search-config

KI-gestützte Suche

Aus

Abstract

The dendritic cell algorithm (DCA) is an immune-inspired algorithm, developed for the purpose of anomaly detection. The algorithm performs multi-sensor data fusion and correlation which results in a ‘context aware’ detection system. Previous applications of the DCA have included the detection of potentially malicious port scanning activity, where it has produced high rates of true positives and low rates of false positives. In this work we aim to compare the performance of the DCA and of a self-organizing map (SOM) when applied to the detection of SYN port scans, through experimental analysis. A SOM is an ideal candidate for comparison as it shares similarities with the DCA in terms of the data fusion method employed. It is shown that the results of the two systems are comparable, and both produce false positives for the same processes. This shows that the DCA can produce anomaly detection results to the same standard as an established technique.

Vorheriger Artikel Special issue on artificial immune systems

Nächster Artikel Improving the reliability of real-time embedded systems using innate immune techniques

Sie haben noch keine Lizenz? Dann Informieren Sie sich jetzt über unsere Produkte:

Springer Professional "Wirtschaft+Technik"

Online-Abonnement

Mit Springer Professional "Wirtschaft+Technik" erhalten Sie Zugriff auf:

über 102.000 Bücher
über 537 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Finance + Banking
Management + Führung
Marketing + Vertrieb
Maschinenbau + Werkstoffe
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Springer Professional "Technik"

Online-Abonnement

Mit Springer Professional "Technik" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 390 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Maschinenbau + Werkstoffe

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Springer Professional "Wirtschaft"

Online-Abonnement

Mit Springer Professional "Wirtschaft" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 340 Zeitschriften

aus folgenden Fachgebieten:

Bauwesen + Immobilien
Business IT + Informatik
Finance + Banking
Management + Führung
Marketing + Vertrieb
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Aickelin U, Bentley P, Cayzer S, Kim J, McLeod J (2003) Danger theory: the link between AIS and IDS. In: Proceedings of the 2nd international conference on artificial immune systems (ICARIS), LNCS 2787, pp 147–155. Springer, Heidelberg

Albayrak S, Scheel C, Milosevic D, Muller A (2005) Combining self-organizing map algorithms for robust and scalable intrusion detection. In: International conference on computational intelligence for modelling, control and automation and international conference on intelligent agents, Web technologies and Internet commerce, vol 2

Amini M, Jalili R, Shahriari HR (2006) RT-UNNID: A practical solution to real-time network-based intrusion detection using unsupervised neural networks. Comput Secur 25(6):459–468CrossRef

Bailey-Lee C, Roedel C, Silenok E (2003) Detection and characterization of port scan attacks. Technical report, University of California San Diego (UCSD)

Balthrop J, Esponda F, Forrest S, Glickman M (2002) Coverage and generaliszation in an artificial immune system. In: Proceedings of the genetic and evolutionary computation conference (GECCO), pp 3–10

Bejtlich R (2005) Extrusion detection: security monitoring for internal intrusions. Addison-Wesley, Reading

Bentley P, Greensmith J, Ujjin S (2005) Two ways to grow tissue for artificial immune systems. In: Proceedings of the 4th international conference on artificial immune systems (ICARIS), LNCS 3627. Springer, Heidelberg, pp 139–152

Bivens A, Palagiri C, Smith R, Szymanski B, Embrechts M (2002) Network-based intrusion detection using neural networks. Intell Eng Syst Artif Neural Netw 12(1):579–584

Bolzoni D, Etalle S, Hartel P, Zambon E (2006) Poseidon: a 2-tier anomaly-based network intrusion detection system. In: Fourth IEEE international workshop on information assurance (IWIA’06), vol 0, pp 144–156. IEEE Computer Society, Los Alamitos

10.

Sung-Bae Cho (2002) Incorporating soft computing techniques into a probabilitistic intrusion detection system. IEEE Trans Syst Man Cybern 32(2):154–160CrossRef

11.

Choy J, Cho SB (2001) Anomaly detection of computer usage using artificial intelligence techniques. Adv Artif Intell PRICAI 2000 2112:31–43CrossRef

12.

Coico R, Sunshine G, Benjamini E (2003) Immunology: a short course. Wiley-Liss, New York

13.

Cross S, Harrison R, Kennedy R (1995) Introduction to neural networks. Lancet 346(8982):1075–1079CrossRef

14.

de Castro L, Timmis J (2002) Artificial immune systems: a new computational approach. Springer, LondonMATH

15.

DeLooze L (2006) Attack characterization and intrusion detection using an ensemble of self-organizing maps. In: International joint conference on neural networks (IJCNN’06), pp 2121–2128

16.

Depren O, Topallar M, Anarim E, Ciliz MK (2005) An intelligent intrusion detection system (IDS) for anomaly and misuse detection in computer networks. Exp Syst Appl 29(4):713–722CrossRef

17.

Dostoevsky F nmap. http://www.insecure.org, last accessed, 5/10/07

18.

Forrest S, Perelson A, Allen L, Cherukuri R (1994) Self-nonself discrimination in a computer. In: Proceedings of the IEEE symposium on security and privacy. IEEE Computer Society, pp 202–209

19.

Fox KL, Henning RR, Reed JH, Simonian R (1990) A neural network approach towards intrusion detection. In: Proceedings of the 13th national computer security conference, vol 10

20.

Gollmann D (1999) Computer security. Wiley, Inc., New York

21.

Gonzalez F, Dasgupta D (2002) Neuro-immune and self-organizing map approaches to anomaly detection: a comparison. In: Proceedings of the 1st international conference on artificial immune systems, pp 203–211

22.

Gonzalez F, Dasgupta D (2003) Anomaly detection using real-valued negative selection. J Genet Program Evol Machines 4:383–403CrossRef

23.

González FA, Galeano JC, Rojas DA, Veloza-Suan A (2005) Discriminating and visualizing anomalies using negative selection and self-organizing maps. In: Proceedings of the 2005 conference on genetic and evolutionary computation. ACM Press, New York, pp 297–304

24.

Greensmith J (2007) The Dendritic cell algorithm. PhD Thesis, School of Computer Science, University Of Nottingham

25.

Greensmith J, Aickelin U (2007) Dendritic cells for syn scan detection. In: Proceedings of the genetic and evolutionary computation conference (GECCO 2007), pp 49–56

26.

Greensmith J, Aickelin U, Cayzer S (2005) Introducing dendritic Cells as a novel immune-inspired algorithm for anomaly detection. In: Proceedings of the 4th international conference on artificial immune systems (ICARIS), LNCS 3627. Springer, Heidelberg, pp 153–167

27.

Greensmith J, Aickelin U, Tedesco G (2008) Information fusion for anomaly detection with the dca. Information Fusion, tbc(tbc):tbc, 2008

28.

Greensmith J, Aickelin U, Twycross J (2006) Articulation and clarification of the dendritic cell algorithm. In: Proceedings of the 5th International Conference on Artificial Immune Systems (ICARIS), LNCS 4163, pp 404–417

29.

Greensmith J, Twycross J, Aickelin U (2006) Dendritic cells for anomaly detection. In: Proceedings of the congress on evolutionary computation (CEC), pp 664–671

30.

Gunes Kayacik H, Nur Zincir-Heywood A, Heywood MI (2007) A hierarchical SOM-based intrusion detection system. Eng Appl Artif Intell 20(4):439–451CrossRef

31.

Higgins JJ (2004) An introduction to modern nonparametric statistics. Thomson, Brooks/Cole, Pacfic Grove

32.

Hofmeyr S, Forrest S (1998) Intrusion detection using sequences of system calls. J Comput Secur 6:151–180

33.

Hofmeyr S, Forrest S (1999) Immunity by design. In: Proceedings of the genetic and evolutionary computation conference (GECCO), pp 1289–1296

34.

Höglund A, Hätönen K (1998) Computer network user behaviour visualization using self organizing maps. In: Niklasson L, Bodén M, Ziemke T (eds) Proceedings of ICANN98, the 8th international conference on artificial neural networks, vol 2. Springer, London, pp 899–904

35.

Höglund A, Hätönen K, Sorvari A (2000) A computer host-based user anomaly detection system using the self-organizing map. In: IJCNN (5), pp 411–416

36.

Horeis T (2003) Intrusion detection with neural networks–combination of self-organizing maps and radial basis function networks for human expert integration. Student Research Grants Technical report, IEEE Computational Intelligence Society

37.

Ji Z, Dasgupta D (2004) Real-valued negative selection algorithm with variable-sized detectors. In: Proceedings of the genetic and evolutionary computation conference (GECCO), pp 287–298

38.

Jirapummin C, Wattanapongsakorn N, Kanthamanon P (2002) Hybrid neural networks for intrusion detection system. In: 2002 international technical conference on circuits/systems, computers and communications (ITC-CSCC 2002), Phuket, Thailand, pp 928–931

39.

Jung J, Paxson V, Berger A, Balakrishnan H (2004) Fast portscan detection using sequential hypothesis testing. In: Proceedings 2004 IEEE symposium, Security and privacy, pp 211–225

40.

Kandel ER, Schwartz JH, Jessell TM (2000) Principles of neural science. McGraw-Hill/Appleton & Lange, New York

41.

Kayacik H, Zincir-Heywood A, Heywood M (2003) On the capability of an SOM based intrusion detection system. In: Proceedings of the international joint conference on neural networks, vol 3

42.

Kayacik HG, Zincir-Heywood N (2005) Analysis of three intrusion detection system benchmark datasets using machine learning algorithms. In: Proceedings of IEEE international conference on intelligence and security informatics (ISI 2005), vol 3495 of LNCS. Springer, Atlanta, pp 362–367

43.

Khanna R, Liu H (2006) System approach to intrusion detection using HMM. In: International conference on communications and mobile computing, pp 349–354

44.

Kim J, Bentley P (2001) Evaluating negative selection in an artificial immune system for network intrusion detection. In: Proceedings of the genetic and evolutionary computation conference (GECCO), pp 1330–1337

45.

Kim J, Bentley P, Aickelin U, Greensmith J, Tedesco G, Twycross J (2007) Immune system approaches to intrusion detection —a review. Natural computing, page tbc, 2007 (to appear, accepted for publication)

46.

Kohonen T (1981) Automatic formation of topological maps of patterns in a self-organizing system. In: Proceedings of the 2nd scandinavian conference on image analysis, pp 214–220

47.

Kohonen T (1996) Self-organizing maps. Springer, Berlin

48.

Kohonen T (1990) The self-organizing map. Proc IEEE 78(9):1464–1480CrossRef

49.

Lee SC, Heinbuch DV (2001) Training a neural-network based intrusion detector to recognizenovel attacks. Syst Man Cybern Part A IEEE Trans 31(4):294–299CrossRef

50.

Lei JZ, Ghorbani A (2004) Network intrusion detection using an improved competitive learning neural network. In: 2nd annual conference on communication networks and services research, pp 190–197

51.

Lichodzijewski P, Nur Zincir-Heywood A, Heywood M (2002) Dynamic intrusion detection using self organizing maps. In: The 14th annual canadian information technology security symposium (CITSS)

52.

Lutz M, Schuler G (2002) Immature, semi-mature and fully mature dendritic cells: which signals induce tolerance or immunity? Trends Immunol 23(9):991–1045CrossRef

53.

Matzinger P (1994) Tolerance, danger and the extended family. Annu Rev Immunol 12:991–1045

54.

Matzinger P (2007) Friendly and dangerous signals: is the tissue in control? Nat Immunol 8(1):11–13CrossRef

55.

Miller P, Inoue A (2003) Collaborative intrusion detection system. In: 22nd international conference of the north American fuzzy information processing society (NAFIPS 2003), pp 519–524

56.

Murphy K, Travers P, Walport M (2008) Janeway’s Immunobiology. Garland science, 7th edn

57.

Oates R, Greensmith J, Aickelin U, Garibaldi J, Kendall G (2007) The application of a dendritic cell algorithm to a robotic classifier. In: Proceedings of the 6th international conference on artificial immune systems (ICARIS), LNCS 4628, pp 204–215

58.

Oates R, Kendall G, Garibaldi J (2007) Frequency analysis for dendritic cell population tuning: decimating the dendritic cell. Evol Intell (submitted)

59.

Ramadas M, Ostermann S, Tjaden B (2003) Detecting anomalous network traffic with self-organizing maps. In: Proceedings of recent advances in intrusion detection: 6th international symposium (RAID 2003). Springer, Pittsburgh

60.

Rhodes BC, Mahaffey JA, Cannady JD (2000) Multiple self-organizing maps for intrusion detection. In: Proceedings of the 23rd national information systems security conference

61.

Ritter H, Martinetz T, Schulten K (1992) Neural computation and self-organizing maps: an introduction. Addison-Wesley Longman Publishing Co., Inc., BostonMATH

62.

Roesch M (1999) Snort—lightweight intrusion detection for networks. In: Proceedings of the 13th USENIX conference on system administration (LISA), USENIX Association, pp 229–238

63.

Sarasamma S, Zhu Q (2006) Min–max hyperellipsoidal clustering for anomaly detection in network security. Syst Man Cybern Part B IEEE Trans 36(4):887–901CrossRef

64.

Sarasamma ST, Zhu QA, Huff J (2005) Hierarchical Kohonenen net for anomaly detection in network security. IEEE Trans Syst Man Cybern Part B Cybern 35(2):302–312CrossRef

65.

Garner S (1995) Weka: the waikato environment for knowledge analysis. In: Proceedings of the New Zealand computer science research students conference, pp 57–64

66.

Somayaji A, Locasto M, Feyereisl J (2007) Panel on the future of biologically-inspired security: is there anything left to learn? In: New security paradigms workshop (NSPW’07)

67.

Sporri R, Caetano C (2005) Inflammatory mediators are insufficient for full dendritic cell activation and promote expansion of cd4+ t cell populations lacking helper function. Nat Immunol 6(2):163–170CrossRef

68.

Staniford S, Hoagland J, McAlerney J (2002) Practical automated detection of stealthy portscans. J Comput Secur 10(1–2):105–136

69.

Stibor T, Mohr P, Timmis J, Eckert C (2005) Is negative selection appropriate for anomaly detection? In: Proceedings of genetic and evolutionary computation conference (GECCO), pp 321–328

70.

Stibor T, Eckert C, Timmis J (2006) Artificial immune systems for IT-security. Inf Technol 48(3):168–173

71.

Stibor T, Timmis J, Eckert C (2006) On permutation masks in hamming negative selection. In: Proceedings of the 5th international conference on artificial immune systems (ICARIS), LNCS 4163, pp 122–135

72.

Timmis J (2007) Artificial immune systems: today and tomorrow. Nat Comput 6(1):1–18MATHCrossRefMathSciNet

73.

Twycross J (2007) Integrated innate and adaptive artificial immune systems applied to process anomaly detection. PhD Thesis, University Of Nottingham

74.

Twycross J, Aickelin U (2005) Towards a conceptual framework for innate immunity. In: Proceedings of the 4th international conference on artificial immune systems (ICARIS), LNCS 3627. Springer, Heidelberg, pp 112–125

75.

Twycross J, Aickelin U (2006) Libtissue—implementing innate immunity. In: Proc of the congress on evolutionary computation (CEC), pp 499–506

76.

Wang W, Guan X, Zhang X, Yang L (2006) Profiling program behavior for anomaly intrusion detection based on the transition and frequency property of computer audit data. Comput Secur 25(7):539–550CrossRef

77.

Williams C, Harry R, McLeod J (2007) Mechanisms of apoptosis induced DC suppression. J Immunol (submitted)

78.

Yoo IS (2004) Visualizing windows executable viruses using self-organizing maps. In: Proceedings of the 2004 ACM workshop on visualization and data mining for computer security. ACM Press, New York, pp 82–89

Titel: The DCA: SOMe comparison
A comparative study between two biologically inspired algorithms
verfasst von: Julie Greensmith
Jan Feyereisl
Uwe Aickelin
Publikationsdatum: 01.06.2008
Verlag: Springer-Verlag
Erschienen in: Evolutionary Intelligence / Ausgabe 2/2008
Print ISSN: 1864-5909
Elektronische ISSN: 1864-5917
DOI: https://doi.org/10.1007/s12065-008-0008-6

Springer Professional

Abstract

Bitte loggen Sie sich ein, um Zugang zu Ihrer Lizenz zu erhalten.

Sie haben noch keine Lizenz? Dann Informieren Sie sich jetzt über unsere Produkte:

Springer Professional "Wirtschaft+Technik"

Springer Professional "Technik"

Springer Professional "Wirtschaft"

Weitere Artikel der Ausgabe 2/2008

Exploratory data analysis with artificial immune systems

Improving the reliability of real-time embedded systems using innate immune techniques

Special issue on artificial immune systems

Frequency analysis for dendritic cell population tuning

Evolutionary algorithms to simulate the phylogenesis of a binary artificial immune system