JZ Zhao,MZ Xu,SL Sun,L You

DOI: https://doi.org/10.1109/tencon.2004.1414566

2004-01-01

Abstract:In this paper, an IDS framework based on data mining technique and immune principle is presented. Here data mining technique is used to discover frequently occurred patterns, which are equivalent to self proteins in immune system. Immune principle is explored to generate negative detectors, which does not match any self protein based on distance metric. These negative detectors are distributed into the network system to perform anomaly detection independently and concurrently. Our experiment shows that it has low false positive rate and high detection rate.

HUANG Jun-cai,WANG Feng-bi,LUO Xun,SHE Kun,ZHOU Ming-tian

DOI: https://doi.org/10.3969/j.issn.1001-0548.2006.01.025

2006-01-01

Abstract:The feasibility of applying artificial immune theory in intrusion detection system is Analyzed, establishes a model combining artificial immune theory and data mining technique is estoblished. Based on the statistical theory, the amount of information that is lost by splitting a data stream into unordered strings can be estimated, and this estimate can be used to guide the choice of string length. Based on information-theory, a lower bound on the size of the detector set is derived. Detector Generating algorithm is described. The performance of Artificial Immune Intrusion Detection System (AIIDS) is better than the normal intrusion detection system based on knowledge engineering.

Zhao Junzhong,Huang Houkuan

DOI: https://doi.org/10.1109/TENCON.2002.1181232

2002-01-01

Abstract:In this paper, we present a framework of evolving intrusion detection system (IDS), based on: immune principle. At first we describe the research and trend of intrusion detection system. Then we introduce the research on immunity-based intrusion detection system. Next a framework of intrusion detection system is presented based on the immune principle described above. Finally, the paper is concluded with general comments concerning our framework.

Lei Deng,De-yuan Gao

DOI: https://doi.org/10.1109/nswctc.2009.87

2009-01-01

Abstract:Intrusion Detection Systems (IDSs) are increasingly a key part of systems defense. Various approaches to Intrusion Detection are currently being used, but they are relatively ineffective. Recently applying Artificial Intelligence, machine learning and data mining techniques to IDS are increasing. Artificial Intelligence plays a driving role in security services. This paper proposes an Immune based Adaptive Intrusion Detection System Model (IAIDSM). Analyzing the training data obtaining from internet, the self behavior set and nonself behavior set can be obtained by the partitional clustering algorithm, then it extracts Self and nonself pattern sets from these two behavior sets by association rules and sequential patterns mining. The Self and nonself sets can update automatically and constantly online. So IAIDSM improves the ability of detecting new type intrusions and the adaptability of the system.

Hua Yang,Tao Li,Xinlei Hu,Feng Wang,Yang Zou

DOI: https://doi.org/10.1155/2014/156790

2014-01-01

The Scientific World JOURNAL

Abstract:In the area of computer security, Intrusion Detection (ID) is a mechanism that attempts to discover abnormal access to computers by analyzing various interactions. There is a lot of literature about ID, but this study only surveys the approaches based on Artificial Immune System (AIS). The use of AIS in ID is an appealing concept in current techniques. This paper summarizes AIS based ID methods from a new view point; moreover, a framework is proposed for the design of AIS based ID Systems (IDSs). This framework is analyzed and discussed based on three core aspects: antibody/antigen encoding, generation algorithm, and evolution mode. Then we collate the commonly used algorithms, their implementation characteristics, and the development of IDSs into this framework. Finally, some of the future challenges in this area are also highlighted.

匡银虎,张虹波

DOI: https://doi.org/10.3969/j.issn.1007-1423-b.2008.09.003

2008-01-01

Abstract:Introduces the immune principle of artificial immune system, proposes an intrusion detection system model based on AIS, analyzes some key technologies on emphasis, such as the differentiation of the self and non-self set, matching rules and detection algorithms. involving negative selection.

DONG Xiao-mei,YU Ge,XIAO Ke,XIANG Guang

DOI: https://doi.org/10.3969/j.issn.1000-1220.2005.10.013

2005-01-01

Abstract:The problems a computer security system faced and needed to solve is quite similar with those of a biological immune system. Immune based intrusion detection techniques can incorporate the advantages of both anomaly intrusion detection and misuse intrusion detection. In this paper, immune based intrusion detection approaches are studied. The methods of constructing self set and generating valid detectors are researched and improved. A novel valid detector generation algorithm is proposed based on the negative selection mechanism. According to the new algorithm, less valid detectors are needed to detect the abnormal activities in the network. Therefore, the speed of generating valid detectors and intrusion detection is improved. By comparing with those based on existing algorithms, the intrusion detection system based on the new algorithm has higher speed and is accuracy.

Zhanfei Ma,Xuefeng Zheng

DOI: https://doi.org/10.1109/wgec.2008.56

2008-01-01

Abstract:Recently network intrusion detection is one of the hottest research topics. Existing network-based Intrusion Detection System (IDS) has drawbacks in many aspects, among of which the two outstanding problems are the high ratio of false alarms and the lack of self-adaptation. The powerful information processing capabilities of the biological immune system, such as feature extraction, pattern recognition, learning, memory, and its distributive multi-layer defence mechanisms provide rich metaphors for designing a computer immune defence system. In this approach, the authors propose a novel multi-layer defence mechanisms based on immunity, which is capable of detecting and identifying both known and unknown intrusions, elaborating a specialized response measure. Besides that, the proposed defence mechanisms have the same learning and adaptive capability of the biological immune system, and so it is able to monitor networked computer's activities at different levels, and to improve its response under subsequent exposures to the same attack. This on-going research effort is not to mimic simply the immunology characteristics but to explore and learn valuable lessons useful for self-adaptive immune intrusion prevention systems.

Yu-Fang Zhang,Gui-Hua Sun,Zhong-Yang Xiong

DOI: https://doi.org/10.1109/ICMLC.2006.258837

2006-01-01

Abstract:This paper presents a novel method of intrusion detection based on artificial immune system. Adopting the constraint-based detectors and any-r intervals matching rule, a novel solution is presented to encode the antibody-antigen. Some immune related concepts are introduced. In order to accelerate the accessing of the normal IP packets, the self-pattern class is proposed. Using the data sets of KDD CUP1999, the experiment results show that the proposed method can achieve a faster running speed and better detecting rates. It also can adapt to dynamically changing environments

Wan Tang,Limei Peng,Ximin Yang,Xia Xie,Yang Cao

DOI: https://doi.org/10.3837/tiis.2010.12.017

2010-01-01

KSII Transactions on Internet and Information Systems

Abstract:Immune-inspired intrusion detection is a promising technology for network security, and well known for its diversity, adaptation, self-tolerance, etc.However, scalability and coverage are two major drawbacks of the immune-inspired intrusion detection systems (IIDSes).In this paper, we propose an IIDS framework, named GEP-IIDS, with improved basic system elements to address these two problems.First, an additional bio-inspired technique, gene expression programming (GEP), is introduced in detector (corresponding to detection rules) representation.In addition, inspired by the avidity model of immunology, new avidity/affinity functions taking the priority of attributes into account are given.Based on the above two improved elements, we also propose a novel immune algorithm that is capable of integrating two bio-inspired mechanisms (i.e., negative selection and positive selection) by using a balance factor.Finally, a pruning algorithm is given to reduce redundant detectors that consume footprint and detection time but do not contribute to improving performance.Our experimental results show the feasibility and effectiveness of our solution to handle the scalability and coverage problems of IIDS.

Yao Lu,Shuyu Chen

2004-01-01

Abstract:The paper gives a brief introduction to the principle of Immune System,while it provides a survey of methods in intrusion detection based on immunological principle.In particular,the paper introduces the negative selection algorithm for detector generation and the string matching rule for detecting anomalous events.

LIAN Jie,WANG Jie,LI Su-min,ZHU Xiang-qian

DOI: https://doi.org/10.3969/j.issn.1000-7024.2006.19.014

2006-01-01

Abstract:The immune theory of artificial immune system is introduced,the current intrusion detection system and its problems are analyzed.In order to solve these problems,an intrusion detection system model based on AIS is put forward.Detection rules are produced by negative selection algorithm.In the end,an implemental case of this system is given.The proposed intrusion detection system is designed to be adaptable,autonomy and robustness.

Jh Sun,H Jin,H Chen,Zf Han,Dq Zou

DOI: https://doi.org/10.1007/978-3-540-45080-1_91

2003-01-01

Abstract:Intrusion Detection Systems (IDSs) have become a critical part of security systems. The goal of an intrusion detection system is to block intrusion effectively and accurately. However, the performance of IDS is not satisfying. In this paper, we study the issue of building a data mining based intrusion detection model to raise the detection performance. The key ideas are to use data mining techniques to discover consistent and useful patterns for intrusion and use the set of patterns to recognize intrusion. By applying statistics inference theory to this model, the patterns mined from a set of test data are effective to detect the attacks in the same category, and therefore can detect most novel attacks that are variants of known attacks.

XR Yang,JY Shen,R Wang

DOI: https://doi.org/10.1109/icmlc.2002.1176712

2002-01-01

Abstract:A network intrusion detection model based on artificial immune theory is proposed in this paper. In this model, self patterns and non-self patterns are built upon frequent behaviors sequences, then a simple but efficient algorithm for encoding patterns is proposed. Based on the result of encoding, another algorithm for creating detectors is presented, which integrates a negative selection with the clonal selection. The algorithm performance is analyzed, which shows that this method can shrink each generation scale greatly and create a good niche for patterns evolving.

Gianni Tedesco,Jamie Twycross,Uwe Aickelin

DOI: https://doi.org/10.1007/11823940_15

2010-01-01

Abstract:Network Intrusion Detection Systems (NIDS) monitor a network with the aim of discerning malicious from benign activity on that network. While a wide range of approaches have met varying levels of success, most IDS's rely on having access to a database of known attack signatures which are written by security experts. Nowadays, in order to solve problems with false positive alerts, correlation algorithms are used to add additional structure to sequences of IDS alerts. However, such techniques are of no help in discovering novel attacks or variations of known attacks, something the human immune system (HIS) is capable of doing in its own specialised domain. This paper presents a novel immune algorithm for application to an intrusion detection problem. The goal is to discover packets containing novel variations of attacks covered by an existing signature base.

傅涛,孙文静,孙亚民,崔萌萌

DOI: https://doi.org/10.3969/j.issn.1002-137x.2008.06.016

2008-01-01

Computer Science

Abstract:This paper discusses the architecture of Intrusion Detection System (IDS) based on immunology and functions of each module. It emphasizes on system design of immunization detection module based on the snort which is a kind of open souce IDS and the detection processes of immunization detector. This article takes KDDCup99 dataset as a sample and do the intrusion detection experiment by using principle of immunology. The average detection rate of 18 kinds of intrusion actions is 64.94%, the result is encouraging.

CHEN Yue-bing,FENG Chao,ZHANG Quan,TANG Chao-jing

DOI: https://doi.org/10.3969/j.issn.1000-436x.2012.02.018

2012-01-01

Journal of Communications

Abstract:According to the practical requirements of intrusion detection,an integrated artificial immune system (IAIS) was proposed.The system combined dendritic cell algorithm(DCA)and negative selection algorithm(NSA).DCA was used to detect behavioral features.NSA was used to detect structural features.IAIS was validated on KDD 99 dataset.Comparisons to other approaches were made.The experimental results show that the detection performance of IAIS is comparable to classic classification algorithm.IAIS does not rely on labeled data to train detectors.It combines behavioral features and structural features to detect intrusions in real-time mode.

Uwe Aickelin,Julie Greensmith

DOI: https://doi.org/10.48550/arXiv.0802.4002

2008-02-27

Neural and Evolutionary Computing

Abstract:The immune system provides an ideal metaphor for anomaly detection in general and computer security in particular. Based on this idea, artificial immune systems have been used for a number of years for intrusion detection, unfortunately so far with little success. However, these previous systems were largely based on immunological theory from the 1970s and 1980s and over the last decade our understanding of immunological processes has vastly improved. In this paper we present two new immune inspired algorithms based on the latest immunological discoveries, such as the behaviour of Dendritic Cells. The resultant algorithms are applied to real world intrusion problems and show encouraging results. Overall, we believe there is a bright future for these next generation artificial immune algorithms.

Ling ZHANG,Zhong-ying BAI,Yun-long LU,Ya-xing ZHA,Zhen-wen LI

DOI: https://doi.org/10.1016/s1005-8885(14)60290-9

2014-01-01

Abstract:The author puts forward an integrated intrusion detection (ID) model based on artificial immune (IIDAI), a vaccination strategy based on the significance degree of genes and a method to generate initial memory antibodies with rough set (RS). IIDAI integrates two kinds of intrusion detection mode: misuse detection and anonymous detection. Misuse detection and anonymous detection are applied to detect the known and the unknown attacks, respectively. On the basis of IIDAI model, an ID algorithm is presented. Simulation shows that the IIDAI has better performance than traditional ID methods in feasibility and effectiveness. It is very prone to achieve a higher convergence rate by using the vaccination strategy. Moreover, RS can remove the redundancy attributes and increase the detection speed. It can also increase detection rate by applying the integrated method.

Min Zhao,Hongwei Wang,Tao Zhang,Yusen Zhang

2009-01-01

Journal of Computer Research and Development

Abstract:The current artifieial immune-based intrusion detection systems use information from OS or network,but the data in database has its own structure and semantics.They can not detect database intrusion exactly and efficiently.To address these problems,an artificial immune-based database intrusion model is brought forward and a prototype system is implemented.The experiment results show that the system can obtain higher detection rate and decrease the false positive rate.