ZHANG Yu,ZHOU Xi-chuan,SHEN Hai-bin

DOI: https://doi.org/10.3969/j.issn.1001-4551.2007.09.001

2007-01-01

Abstract:Negative selection algorithm is one of core algorithm of artificial immune system,the quantity of effective detectors and holes are two element of the system using negative select algorithm.A threshold adjustable negative algorithm was presented,which was based on continuous r bits matching rule and hamming distance matching rule.This new algorithm reduces the number of effective detectors and holes,which are inevitable in negative selection algorithm.Experimentations based on this algorithm show that the new algorithm reduces the number of detectors and holes dramatically.

FENG Yan-hua,ZHONG Cheng,LI Zhi

DOI: https://doi.org/10.3969/j.issn.1673-629x.2006.04.081

2006-01-01

Abstract:Presents an improved negative selection algorithm in intrusion detection system based on the artificial immune system.The different scales mature detectors are generated by the multi-level negative selection algorithm.In order to simulate the second respond mechanism of the human immune system,introduce the concept of memory detector and corresponding algorithm.The algorithm integrates the affinity maturation and somatic hypermutation to generate the memory detector which has the high recognition ability.

Yu Hu,Bin Li

DOI: https://doi.org/10.4028/www.scientific.net/AMR.204-210.42

2011-01-01

Abstract:The theory of artificial immune had been widely used in the research of network intrusion detection. Nowadays, the existing detector generating algorithms based on negative selection usually use a certain matching rule, as a result, too many detectors may generate, and the false alarm rate will become more serious. This paper proposes an improved negative selection algorithm using double matching rule: candidate detectors should be selected by the improved Hamming distance matching first, then the remaining detectors go through the segmented r-chunks(rch) matching rule. Experiments show that compared with traditional algorithms, this method brings a small number and more efficient detectors, reduces the false alarm rate and guarantees the efficiency of detectors.

GE Lina,ZHONG Cheng

DOI: https://doi.org/10.3969/j.issn.1000-3428.2005.12.050

2005-01-01

Abstract:The intrusion detection technique based on artificial immune theory is a new research area. Based on artificial immune theory, thispaper designs the negative selection algorithms on the parallel computer systems by dividing the task into multiple sub-tasks, parallel solving themultiple sub-tasks and combining the sub-solutions into the final result. The analysis result shows that the parallel algorithms obtain linear speedup.

XR Yang,JY Shen,R Wang

DOI: https://doi.org/10.1109/icmlc.2002.1176712

2002-01-01

Abstract:A network intrusion detection model based on artificial immune theory is proposed in this paper. In this model, self patterns and non-self patterns are built upon frequent behaviors sequences, then a simple but efficient algorithm for encoding patterns is proposed. Based on the result of encoding, another algorithm for creating detectors is presented, which integrates a negative selection with the clonal selection. The algorithm performance is analyzed, which shows that this method can shrink each generation scale greatly and create a good niche for patterns evolving.

郭文忠,陈国龙,陈庆良

DOI: https://doi.org/10.3724/sp.j.1087.2009.00805

2009-01-01

Journal of Computer Applications

Abstract:Negative Selection(NS) algorithm of artificial immunology has been successfully applied to anomaly detection on some low-dimension data,but the performance becomes unfavorable on high-dimension data.Real-valued negative selection algorithm with variable-sized detectors(VRNS) was applied to network intrusion detection and a variation of it(IVRNS) was proposed to improve the performance on high-dimension data.In the improved algorithm,the detectors were used to control the coverage of them according to the overlap among the detectors.Experimental results prove the effectiveness of this novel algorithm on high-dimension data and a high detection rate with a lower false alarm rate in network intrusion.

Ruirui Zhang,Xin Xiao

DOI: https://doi.org/10.1155/2019/5451263

IF: 2.336

2019-01-01

Journal of Sensors

Abstract:Inspired by the biological immune system, many researchers apply artificial immune principles to intrusion detection in wireless sensor networks, such as negative selection algorithms, danger theory, and dendritic cell algorithms. When applying the negative selection algorithm to wireless sensor networks, the characteristics of wireless sensor networks, such as frequent changes in network topology and limited resources, are not considered too much, which makes the detection effect to need improvement. In this paper, a negative selection algorithm based on spatial partition is proposed and applied to hierarchical wireless sensor networks. The algorithm first analyzes the distribution of self-set in the real-valued space then divides the real-valued space, and several subspaces are obtained. Selves are filled into different subspaces. We implement the negative selection algorithm in the subspace. The randomly generated candidate detector only needs to be tolerated with selves in the subspace where the detector is located, not all the selves. This operation reduces the time cost of distance calculation. In the detection process of detectors, the antigen which is to be detected only needs to match the mature detectors in the subspace where the antigen is located, rather than all the detectors. This operation speeds up the antigen detection process. Theoretical analysis and experimental results show that the algorithm has better time efficiency and quality of detectors, saves sensor node resources and reduces the energy consumption, and is an effective algorithm for wireless sensor network intrusion detection.

Chen Zhongmin,Wang Yu,Xu Baowen

DOI: https://doi.org/10.1109/wicom.2007.446

2007-01-01

Abstract:Mobile agent technology could be used to solve the problems on intrusion detection in network security area, while immune principle could supply reference to algorithm design of agent for detecting and analyzing data. In this paper, the detecting algorithm based on the immune principle, including the definition of problem domain, computation of affinity between the antibody and antigen,as well as between antibody, the generation of the detectors, has been elaborated. The algorithm of negative selection used in the agent has been improved The experimental result indicates that the algorithm is more adaptive than the original one.

HU Liang,WANG Cheng-ming,ZHAO Kuo,JIANG Qian

DOI: https://doi.org/10.13413/j.cnki.jdxblxb.2010.01.032

2010-01-01

Abstract:The Multi-level Negative Selection Algorithm was improved by introducing a new detector model and generating method.The new algorithm can solve the problem of a high number of detectors.Therefore,both the generation efficiency and the detecting efficiency are improved as well.The experimental results prove that both the number of detectors and the time for generating detectors are decreased greatly by the improved algorithm on the premise that the precision of detection is unchanged,making it approach the real-time detection.

Wenjian Luo,Xianbin Cao,Xufa Wang

DOI: https://doi.org/10.1007/3-540-45600-7_40

2001-01-01

Abstract:Current network intrusion detection systems are of low intelligence level and have the main deficiency as being unable to detect new intrusive behaviors of unknown signatures.The protection mechanism of natural immune system has brought us inspirations to design a novel network intrusion detection system. The research on modeling a NIDS with natural immune system just started, including the negative selection algorithm proposed by S. Forrest and the basic system model proposed by J. Kim. Based on their works, this paper proposed a novel system structure including affinity mutation, which was used to improve the performance of anomaly detection, and established an basic system based on artificial immunology. This paper stressed on the novel construction and testing experiments. Result of the experiments proved that the application of the protection mechanism of natural immune system to network intrusion detection system has an exciting perspective.

LIAN Jie,WANG Jie,LI Su-min,ZHU Xiang-qian

DOI: https://doi.org/10.3969/j.issn.1000-7024.2006.19.014

2006-01-01

Abstract:The immune theory of artificial immune system is introduced,the current intrusion detection system and its problems are analyzed.In order to solve these problems,an intrusion detection system model based on AIS is put forward.Detection rules are produced by negative selection algorithm.In the end,an implemental case of this system is given.The proposed intrusion detection system is designed to be adaptable,autonomy and robustness.

匡银虎,张虹波

DOI: https://doi.org/10.3969/j.issn.1007-1423-b.2008.09.003

2008-01-01

Abstract:Introduces the immune principle of artificial immune system, proposes an intrusion detection system model based on AIS, analyzes some key technologies on emphasis, such as the differentiation of the self and non-self set, matching rules and detection algorithms. involving negative selection.

Tao Yang,Wen Chen,Tao Li

DOI: https://doi.org/10.1515/phys-2017-0013

2017-01-01

Open Physics

Abstract:Traditional real negative selection algorithms (RNSAs) adopt the estimated coverage (c0) as the algorithm termination threshold, and generate detectors randomly. With increasing dimensions, the data samples could reside in the low-dimensional subspace, so that the traditional detectors cannot effectively distinguish these samples. Furthermore, in high-dimensional feature space, c0 cannot exactly reflect the detectors set coverage rate for the nonself space, and it could lead the algorithm to be terminated unexpectedly when the number of detectors is insufficient. These shortcomings make the traditional RNSAs to perform poorly in high-dimensional feature space. Based upon "evolutionary preference" theory in immunology, this paper presents a real negative selection algorithm with evolutionary preference (RNSAP). RNSAP utilizes the "unknown nonself space", "low-dimensional target subspace" and "known nonself feature" as the evolutionary preference to guide the generation of detectors, thus ensuring the detectors can cover the nonself space more effectively. Besides, RNSAP uses redundancy to replace c0 as the termination threshold, in this way RNSAP can generate adequate detectors under a proper convergence rate. The theoretical analysis and experimental result demonstrate that, compared to the classical RNSA (V-detector), RNSAP can achieve a higher detection rate, but with less detectors and computing cost.

方贤进,李龙澍,钱海

DOI: https://doi.org/10.3969/j.issn.1002-137x.2010.01.058

2010-01-01

Computer Science

Abstract:On the basis of author's previous research works,this paper integrates Immune Algorithm (IA) consisting of vaccine operator,mutation operator and other operators with Negative Selection Algorithm (NSA),called IA-NSA algorithm,to perform evolution of detector population,whose purposes are to quicken the process of affinity maturation and improve the efficiency of network intrusion detection.The algorithms of vaccine operator and adaptive extracting vaccines were given in detail.A novel network intrusion detection model and its algorithm based on IA-NSA were presented to establish anomaly detection.The network intrusion detection experiments based on IA-NSA algorithm and Clonal Selection Algorithm (CSA) were designed respectively,the experimental results show that the IA-NSA algorithm consisting of vaccine operator quickens the affinity maturation process of detector population and stably increases the detection rate along with increasing evolutionary generation.But in CSA-NSA algorithm,the affinity maturation process of detector population takes more time,the detection rate has a little degradation and maintains invariant for a long time.

Liu Fang,Qu Bo,Chen Rongsheng

DOI: https://doi.org/10.1007/978-3-540-30549-1_127

2004-01-01

Abstract:Immune clone selection algorithm is a new intelligent algorithm which can effectively overcome the prematurity and slow convergence speed of traditional evolution algorithm because of the clonal selection strategy and clonal mutation strategy. We apply the immune clonal selection algorithm to the process of modeling normal behavior. We compare our algorithm with the algorithm which applies the genetic algorithm to intrusion detection and applies the negative selection algorithm of the artificial immune system to intrusion detection in the dataset kddcup99. The experiment results have shown that the rule set obtained by our algorithm can detect unknown attack behavior effectively and have higher detection rate and lower false positive rate.

Peng-xiang BAI,Qing-hua ZHANG,Fu DUAN,Zhong-ming YANG

DOI: https://doi.org/10.16208/j.issn1000-7024.2015.12.017

2016-01-01

Abstract:One of the severe problems existing in the network intrusion system is the huge number of false alerts generated,and an artificial immune algorithm based on fuzzy rules was proposed to solve it.The correlation probability was computed by disco-vering and learning the degree of correlation of two alerts,and to correlate two alerts,the fuzzy rules based on the correlation probability was used,and then the artificial immune algorithm was employed to optimize it before comparing the correlation pro-bability with the threshold value to make a judgment.Using the proposed algorithm can not only reduce the number of false alerts,but also decrease the load of the detection system and ease the pressure of administrator on processing alerts.Thus,com-paring with the other algorithms in terms of detection rate,detecting time and other standards by the simulation experiment,this method illustrates its feasibility and validation.

LUO Yi-Dan,CAI Zi-Xing,WANG Yong,JIANG Zhong-Yang

DOI: https://doi.org/10.3969/j.issn.1002-137X.2008.03.045

2008-01-01

Computer Science

Abstract:Considering the weakness of self-repairing and misjudgment of negative selection of immune algorithm,a new negative selection algorithm based on immune reconfiguration is proposed. Based on the interior study mechanism of biological immune system and reconfigurable system of industrial field,the new algorithm proposes the conceptions and application methods of reconfigurable string,reconfigurable operator and reconfigurable model and integrates the idea of reconfigurable system into negative selection algorithm. In the case of accidents the system can be recovered and reformed in time. A Web system is utilized to test this method and the simulation results suggest that this algorithm has good performance.

Geying Yang,Lina Wang,Rongwei Yu,Junjiang He,Bo Zeng,Tian Wu

DOI: https://doi.org/10.1155/2023/8980876

IF: 8.993

2023-01-01

International Journal of Intelligent Systems

Abstract:Intrusion detection systems are crucial in fighting against various network attacks. By monitoring the network behavior in real time, possible attack attempts can be detected and acted upon. However, with the development of openness and flexibility of networks, artificial immunity-based network anomaly detection methods lack continuous adaptability and hence have poor detection performance. Thus, a novel framework for network anomaly detection with adaptive regulation is built in this paper. First, a heuristic dimensionality reduction algorithm based on unsupervised clustering is proposed. This algorithm uses the correlation between features to select the best subset. Then, a hybrid partitioning strategy is introduced in the negative selection algorithm (NSA), which divides the feature space into a grid based on the sample distribution density and generates specific candidate detectors in the boundary grid to effectively mitigate the holes caused by boundary diversity. Finally, the NSA is improved by self-set clustering and a novel gray wolf optimizer to achieve adaptive adjustment of the detector radius and position. The results show that the proposed NSA algorithm based on mixed hierarchical division and gray wolf optimization (MDGWO-NSA) achieves a higher detection rate, lower false alarm rate, and better generation quality than other network anomaly detection algorithms.

KANG Qi-chao,ZHANG Qing-hua,QIN Yong,DUAN Fu

DOI: https://doi.org/10.3969/j.issn.2095-2562.2012.03.011

2012-01-01

Abstract:In this paper,with the basic principle of biological immune,the network intrusion detection principle and applications based on artificial immune are introduced,including self-set,error tolerance and self-adaptation of application,and so on.The paper also focuses on basic matching algorithm of artificial immune,which makes a thorough discussion and points out the similarities and differences of the various algorithms and their research direction.Finally through analyzing the characteristics and existing problems of the current algorithms,the paper proposes an algorithm design idea in the huge loads application,and prospects the research hotspot and focus in the future.

Li-zhong Geng,Hui-bo Jia

DOI: https://doi.org/10.1109/aici.2009.92

2009-01-01

Abstract:Intrusion detection systems could rely on short sequences of system calls to distinguish between legitimate and illegitimate activities. We found that the frequencies of system calls in a particular process generally follow the Zipf’s law. It means that there are many sequences which are meaningless to differentiate the ongoing behavior but generate lots of computing waste. Due to improve the performance of existing intrusion detection methods which are implemented in the kernel of operating system, this paper focuses on the negative selection algorithm using maximum entropy model to avoid the degeneration caused by the Valueless repetition of system calls. The improved scheme uses negative selection method to remove the useless computing which is predicted by maximum entropy model. Experimental results demonstrate that the computing cost has a reduction of 50~80% with the same Detection Rate