Chang-you ZHANG,Yuan-da CAO,Ming-hua YANG,Jiong YU,Dong-feng ZHU

DOI: https://doi.org/10.3969/j.issn.1006-7043.2006.z1.068

2006-01-01

Abstract:Nature immune system is a highly developed biology system. It can intelligently recognize, resist and clear the foreign maleficent antigen by generating antibody. Therefore, this system keeps stable biology environment. Following the nature immune system, researchers have raised the theory of AIS, i.e. Artificial Immune System. The analogy-based immune model focuses on the implementation of the clone selection process and the negative selection process by means of analogy-based reasoning. Firstly, the initial abnormal behaviours sample set is optimized by combining the AIS and the genetic algorithm. Then, the abnormity probability algorithm is raised considering the two sides of abnormality and normality. Finally, an intrusion detection system model is established based on the above algorithms and models.

CHEN Yue-bing,FENG Chao,ZHANG Quan,TANG Chao-jing

DOI: https://doi.org/10.3969/j.issn.1000-436x.2012.02.018

2012-01-01

Journal of Communications

Abstract:According to the practical requirements of intrusion detection,an integrated artificial immune system (IAIS) was proposed.The system combined dendritic cell algorithm(DCA)and negative selection algorithm(NSA).DCA was used to detect behavioral features.NSA was used to detect structural features.IAIS was validated on KDD 99 dataset.Comparisons to other approaches were made.The experimental results show that the detection performance of IAIS is comparable to classic classification algorithm.IAIS does not rely on labeled data to train detectors.It combines behavioral features and structural features to detect intrusions in real-time mode.

匡银虎,张虹波

DOI: https://doi.org/10.3969/j.issn.1007-1423-b.2008.09.003

2008-01-01

Abstract:Introduces the immune principle of artificial immune system, proposes an intrusion detection system model based on AIS, analyzes some key technologies on emphasis, such as the differentiation of the self and non-self set, matching rules and detection algorithms. involving negative selection.

Ling ZHANG,Zhong-ying BAI,Yun-long LU,Ya-xing ZHA,Zhen-wen LI

DOI: https://doi.org/10.1016/s1005-8885(14)60290-9

2014-01-01

Abstract:The author puts forward an integrated intrusion detection (ID) model based on artificial immune (IIDAI), a vaccination strategy based on the significance degree of genes and a method to generate initial memory antibodies with rough set (RS). IIDAI integrates two kinds of intrusion detection mode: misuse detection and anonymous detection. Misuse detection and anonymous detection are applied to detect the known and the unknown attacks, respectively. On the basis of IIDAI model, an ID algorithm is presented. Simulation shows that the IIDAI has better performance than traditional ID methods in feasibility and effectiveness. It is very prone to achieve a higher convergence rate by using the vaccination strategy. Moreover, RS can remove the redundancy attributes and increase the detection speed. It can also increase detection rate by applying the integrated method.

梁文,曹先彬,张四海,王煦法

DOI: https://doi.org/10.3969/j.issn.1000-1220.2005.01.005

2005-01-01

Abstract:Immune network intrusion system is a new approach of anomaly detection and it detects relatively infinite foreign antigens using finite detectors. Cur rent work recognizes unknown antigens by traditional evolution methods but the e xperiment result is not satisfying. This paper points that particularity of NIDS requires many detectors rather than several best ones. Inspired by affinity mut ation mechanism in the biological immune system this paper proposes an immune re cognition method, in which polymorphism is introduced. Experiments results show that this model suits NID well and has excellent ability of recognizing unknown intrusion patterns.

Liu Fang,Qu Bo,Chen Rongsheng

DOI: https://doi.org/10.1007/978-3-540-30549-1_127

2004-01-01

Abstract:Immune clone selection algorithm is a new intelligent algorithm which can effectively overcome the prematurity and slow convergence speed of traditional evolution algorithm because of the clonal selection strategy and clonal mutation strategy. We apply the immune clonal selection algorithm to the process of modeling normal behavior. We compare our algorithm with the algorithm which applies the genetic algorithm to intrusion detection and applies the negative selection algorithm of the artificial immune system to intrusion detection in the dataset kddcup99. The experiment results have shown that the rule set obtained by our algorithm can detect unknown attack behavior effectively and have higher detection rate and lower false positive rate.

DONG Xiao-mei,YU Ge,XIAO Ke,XIANG Guang

DOI: https://doi.org/10.3969/j.issn.1000-1220.2005.10.013

2005-01-01

Abstract:The problems a computer security system faced and needed to solve is quite similar with those of a biological immune system. Immune based intrusion detection techniques can incorporate the advantages of both anomaly intrusion detection and misuse intrusion detection. In this paper, immune based intrusion detection approaches are studied. The methods of constructing self set and generating valid detectors are researched and improved. A novel valid detector generation algorithm is proposed based on the negative selection mechanism. According to the new algorithm, less valid detectors are needed to detect the abnormal activities in the network. Therefore, the speed of generating valid detectors and intrusion detection is improved. By comparing with those based on existing algorithms, the intrusion detection system based on the new algorithm has higher speed and is accuracy.

Yu-Fang Zhang,Gui-Hua Sun,Zhong-Yang Xiong

DOI: https://doi.org/10.1109/ICMLC.2006.258837

2006-01-01

Abstract:This paper presents a novel method of intrusion detection based on artificial immune system. Adopting the constraint-based detectors and any-r intervals matching rule, a novel solution is presented to encode the antibody-antigen. Some immune related concepts are introduced. In order to accelerate the accessing of the normal IP packets, the self-pattern class is proposed. Using the data sets of KDD CUP1999, the experiment results show that the proposed method can achieve a faster running speed and better detecting rates. It also can adapt to dynamically changing environments

LIAN Jie,WANG Jie,LI Su-min,ZHU Xiang-qian

DOI: https://doi.org/10.3969/j.issn.1000-7024.2006.19.014

2006-01-01

Abstract:The immune theory of artificial immune system is introduced,the current intrusion detection system and its problems are analyzed.In order to solve these problems,an intrusion detection system model based on AIS is put forward.Detection rules are produced by negative selection algorithm.In the end,an implemental case of this system is given.The proposed intrusion detection system is designed to be adaptable,autonomy and robustness.

Z Liu,L Tan,MT Zhou

DOI: https://doi.org/10.1142/9789812702654_0120

2004-01-01

Abstract:Among many kinds of IDSs(Intrusion Detection system),how to recognize and identify network intrusions is a base criterion to evaluate an IDS. Traditional IDS implements this by security rules matching. However, new network intrusions emerge in endlessly. Obviously this detecting way can't meet new situation's need and will be out of date in the near future. Aiming at this problem, This paper bring forward a new kind of recognition model of network intrusions which make use of immune antibody's self-organized learning ability and may accomplish the recognition for variation of network intrusions properly.

Hua Yang,Tao Li,Xinlei Hu,Feng Wang,Yang Zou

DOI: https://doi.org/10.1155/2014/156790

2014-01-01

The Scientific World JOURNAL

Abstract:In the area of computer security, Intrusion Detection (ID) is a mechanism that attempts to discover abnormal access to computers by analyzing various interactions. There is a lot of literature about ID, but this study only surveys the approaches based on Artificial Immune System (AIS). The use of AIS in ID is an appealing concept in current techniques. This paper summarizes AIS based ID methods from a new view point; moreover, a framework is proposed for the design of AIS based ID Systems (IDSs). This framework is analyzed and discussed based on three core aspects: antibody/antigen encoding, generation algorithm, and evolution mode. Then we collate the commonly used algorithms, their implementation characteristics, and the development of IDSs into this framework. Finally, some of the future challenges in this area are also highlighted.

Chang-You Zhang,Wen-Qing Li,Yuan-Da Cao,Zeng-Lu Fan

DOI: https://doi.org/10.1007/978-3-642-10238-7_20

2009-01-01

Abstract:Artificial Immune System (AIS) is a set of principles and algorithm following the properties of nature immune system. In order to improve the performance of IDS, a synthetic dimension reduction model is proposed in this paper. First of all, we define a similarity distance algorithm between two vectors based on analogy reasoning. Then, we introduce an optimization method to meliorate the normal-behavior-set and abnormal-behavior-set based on AIS and Genetic Algorithm (GA). And then, we construct a synthetic reverse model taking both of the above mentioned behaviour set. When a new behavior sample is sniffered from network, the distances between this behavior and each of the two meliorated sets are calculated. Finally, we treat these two distances as ordinate and abscissa, the new behavior sample is mapped from a multi-dimensional vector space into a point in a two-dimensional coordinate plane. According to the position of this point, we determine whether a behavior is an intrusion or not.

Wan Tang,Xi-Min Yang,Xia Xie,Li-Mei Peng,Chan-Hyun Youn,Yang Cao

DOI: https://doi.org/10.1109/IWQoS.2010.5542731

2010-01-01

Abstract:To make an immune-inspired network intrusion detection system (IDS) effective, this paper proposes a new framework, which includes our avidity-model based clonal selection (AMCS) algorithm as core element. The AMCS algorithm uses an improved representation for antigens (corresponding to network access patterns) and detectors (corresponding to detection rules). In particular, a bio-inspired technique called gene expression programming (GEP) is integrated with artificial immune system (AIS) in detector representation. In addition, inspired by the avidity model of immunology, this paper also defines new avidity/affinity functions (corresponding to the metric for quantify the interactions between detector and antigens) that take the priorities of attribute into account. Accordingly, the proposed algorithm integrates both negative selection and positive selection with a balance factor k to assign appropriate weights to self and non-self avidity. The well known KDD CUP'99 DATA set is used for performance evaluation. The results show that the intrusion detection based on AMCS provides a higher detection rate of DoS attack, a lower false alarm rate, and a lower detectors generation cost. Our results indicate that breaking the bottleneck of immune-inspired network IDS through adjusting basic elements is feasible and effective.

Lei Deng,De-yuan Gao

DOI: https://doi.org/10.1109/nswctc.2009.87

2009-01-01

Abstract:Intrusion Detection Systems (IDSs) are increasingly a key part of systems defense. Various approaches to Intrusion Detection are currently being used, but they are relatively ineffective. Recently applying Artificial Intelligence, machine learning and data mining techniques to IDS are increasing. Artificial Intelligence plays a driving role in security services. This paper proposes an Immune based Adaptive Intrusion Detection System Model (IAIDSM). Analyzing the training data obtaining from internet, the self behavior set and nonself behavior set can be obtained by the partitional clustering algorithm, then it extracts Self and nonself pattern sets from these two behavior sets by association rules and sequential patterns mining. The Self and nonself sets can update automatically and constantly online. So IAIDSM improves the ability of detecting new type intrusions and the adaptability of the system.

Xuekun Zhang,Jing An,Yongbin Wang,Wen Liu

DOI: https://doi.org/10.1109/icis.2017.7960066

2017-01-01

Abstract:At present, most of the key algorithms of the existing intrusion detection system adopt simple matching technology, only detect the known attack and the false positive and false negative rate is high. The immune cloning algorithm is a search algorithm for iterative process with generating and detecting. In the iterative process, immune cloning algorithm, under the premise of reserving the best individuals of the previous generation, is a global convergence[1]. After further research and improvement based on the operation mechanism and principle of the immune-based intrusion detection system, immune cloning algorithm is applied to the intrusion detection system, which has a very important significance in improving the emergency response capability of the network security system, mitigating the harm of the network attack and enhancing the system's capacity to fight back and so on. This paper, the immune cloning algorithm is used to optimize the detection of the intrusion detection system, use MATLAB software to carry out simulation and obtain the result analysis, and compare with the performance difference of the detector before and after the improvement according to the simulation results.

Rong Deng,Xiu Yin Zhang

DOI: https://doi.org/10.4028/www.scientific.net/AMR.121-122.482

2010-01-01

Abstract:In this article an Immune Based Intrusion Detection Model (IBIDM) was built to simulate the dynamic relationships between the intrusion antigen intensity and the antibody concentration in the biological immune systems. In IBIDM, traditional detection rules and network traffic patterns are mapped to antibodies and antigens respectively. The network security situation is presented in the form of detector numbers to help reduce false alarm rate. Computer simulations show that the proposed model is effective for intrusion detection.

JZ Zhao,HK Huang

DOI: https://doi.org/10.1109/icmlc.2002.1176811

2002-01-01

Abstract:In this paper, a framework of an immune-based intrusion detection system (IDS) is presented. Here data mining techniques are used to discover frequently occurring patterns, which are equivalent to self proteins in the immune system. During the tolerance process known as negative selection, a set of valid detectors that does not match any self protein mined previously is generated in the space of nonself based on a distance metric. These negative detectors are distributed into the network system to perform anomaly detection independently and concurrently. Our experiment confirms a low false positive rate and a high detection rate.

XR Yang,JY Shen,R Wang

DOI: https://doi.org/10.1109/icmlc.2002.1176712

2002-01-01

Abstract:A network intrusion detection model based on artificial immune theory is proposed in this paper. In this model, self patterns and non-self patterns are built upon frequent behaviors sequences, then a simple but efficient algorithm for encoding patterns is proposed. Based on the result of encoding, another algorithm for creating detectors is presented, which integrates a negative selection with the clonal selection. The algorithm performance is analyzed, which shows that this method can shrink each generation scale greatly and create a good niche for patterns evolving.

Linhui Zhao,Xin Fang,Yaping Dai

DOI: https://doi.org/10.1109/inds.2009.5228006

2009-01-01

Abstract:Although neural networks and idiotypic networks are similar in functions, they are different in many aspects. This paper compares them in topological structures, initializing ways, learning methods, et al. Based on the comparison and combined with pattern recognition technology, this paper proposes a novel adaptive intrusion detection approach using idiotypic networks. Additionally, the approach is compared with detection approach using neural networks. Idiotypic networks' memory and learning abilities, especially their dynamic adjustable ability enable them superior to neural networks in the application for intrusion detection. This paper presents a new detection algorithm according to immune response principles and a new multimutation pattern idiotypic network model to implement the detection algorithm. By utilizing some immune principles, the proposed approach can overcome problems existing in detection approaches based on neural networks. Firstly, idiotypic networks can adjust automatically with presenting of antigens, making new features fused into networks continuously. Thus, this approach needs not to be updated periodically. Secondly, the trained network model can still be changed to learn new features of attacks, so the performance of detecting unknown attacks is improved. Thirdly, clone expansion of antibodies is suppressed by idiotypic effects, thus false positive rate is decreased. Experiments are carried out on Fisher Iris dataset and KDD-CUP-99 database to verify the performance of this adaptive detection approach. Compared with the detection approach based on a multilayer perception network, the false positive rate is decreased and the detection accuracy of unknown attacks is increased.

HUANG Jun-cai,WANG Feng-bi,LUO Xun,SHE Kun,ZHOU Ming-tian

DOI: https://doi.org/10.3969/j.issn.1001-0548.2006.01.025

2006-01-01

Abstract:The feasibility of applying artificial immune theory in intrusion detection system is Analyzed, establishes a model combining artificial immune theory and data mining technique is estoblished. Based on the statistical theory, the amount of information that is lost by splitting a data stream into unordered strings can be estimated, and this estimate can be used to guide the choice of string length. Based on information-theory, a lower bound on the size of the detector set is derived. Detector Generating algorithm is described. The performance of Artificial Immune Intrusion Detection System (AIIDS) is better than the normal intrusion detection system based on knowledge engineering.