Published in: Evolutionary Intelligence 3/2014

01.02.2014 | Special Issue

A fast anomaly detection system using probabilistic artificial immune algorithm capable of learning new attacks

Authors: Mahdi Mohammadi, Ahmad Akbari, Bijan Raahemi, Babak Nassersharif, Hassan Asgharian


Abstract

In this paper, we propose anomaly-based intrusion detection algorithms for computer networks that use artificial immune systems and are capable of learning new attacks. Unique characteristics and observations specific to computer networks are taken into account in developing faster algorithms while maintaining high performance. Although these characteristics play a key role in the proposed algorithms, we believe they have been neglected in previous related work. We evaluate the proposed algorithms on a number of well-known intrusion detection datasets, as well as on two new real-world datasets extracted from data networks for intrusion detection. We analyze the detection performance and learning capabilities of the proposed algorithms, in addition to performance criteria such as false alarm rate, detection rate, and response time. The experimental results demonstrate that the proposed algorithms exhibit fast response time, low false alarm rate, and high detection rate. They can also learn new attack patterns and identify them the next time they are introduced to the network.

Metadata
Title
A fast anomaly detection system using probabilistic artificial immune algorithm capable of learning new attacks
Authors
Mahdi Mohammadi
Ahmad Akbari
Bijan Raahemi
Babak Nassersharif
Hassan Asgharian
Publication date
01.02.2014
Publisher
Springer Berlin Heidelberg
Published in
Evolutionary Intelligence / Issue 3/2014
Print ISSN: 1864-5909
Electronic ISSN: 1864-5917
DOI
https://doi.org/10.1007/s12065-013-0101-3