Julie Greensmith,Uwe Aickelin,Jamie Twycross

DOI: https://doi.org/10.48550/arXiv.1002.0696

IF: 14.4

2010-02-03

Artificial Intelligence

Abstract:In recent years computer systems have become increasingly complex and consequently the challenge of protecting these systems has become increasingly difficult. Various techniques have been implemented to counteract the misuse of computer systems in the form of firewalls, anti-virus software and intrusion detection systems. The complexity of networks and dynamic nature of computer systems leaves current methods with significant room for improvement. Computer scientists have recently drawn inspiration from mechanisms found in biological systems and, in the context of computer security, have focused on the human immune system (HIS). The human immune system provides a high level of protection from constant attacks. By examining the precise mechanisms of the human immune system, it is hoped the paradigm will improve the performance of real intrusion detection systems. This paper presents an introduction to recent developments in the field of immunology. It discusses the incorporation of a novel immunological paradigm, Danger Theory, and how this concept is inspiring artificial immune systems (AIS). Applications within the context of computer security are outlined drawing direct reference to the underlying principles of Danger Theory and finally, the current state of intrusion detection systems is discussed and improvements suggested.

Jinquan Zeng,Yan Fu,Jianbing Hu,AnLong Chen,Lingxi Peng

2008-01-01

Journal of Information and Computational Science

Abstract:Artificial Immune System (AIS) has been successful in many realms, especially in computer security, and the correlative algorithms rely on self-nonself discrimination, as stipulated in classical immunology. But when the algorithms are used in practical applications, scaling problems of self and nonself, computational efficiency, and the changing problems of self and nonself have to be addressed. Meanwhile, immunologists are increasingly finding faults with traditional self-nonself discrimination and a new Danger Theory (DT) is emerging. This new theory suggests that Human Immune System (HIS) is more concerned with damages than nonself and HIS reacts to threats through the correlation of danger signals. Based on the DT, within the context of computer system, immune response model is presented. In the model, the definitions of the danger signal, response type and intensity, and etc. are given. Then the producing method of the danger signal is put forth, and they are significant in incorporating the DT into computer security applications. 1548-7741/Copyright © 2008 Binary Information Press October 2008.

Uwe Aickelin,Peter Bentley,Steve Cayzer,Kim Jungwon,Julie McLeod

DOI: https://doi.org/10.1007/b12020

2008-05-16

Abstract:We present ideas about creating a next generation Intrusion Detection System based on the latest immunological theories. The central challenge with computer security is determining the difference between normal and potentially harmful activity. For half a century, developers have protected their systems by coding rules that identify and block specific events. However, the nature of current and future threats in conjunction with ever larger IT systems urgently requires the development of automated and adaptive defensive tools. A promising solution is emerging in the form of Artificial Immune Systems. The Human Immune System can detect and defend against harmful and previously unseen invaders, so can we not build a similar Intrusion Detection System for our computers.

Neural and Evolutionary Computing,Artificial Intelligence,Cryptography and Security

Uwe Aickelin,Julie Greensmith

DOI: https://doi.org/10.48550/arXiv.0802.4002

2008-02-27

Neural and Evolutionary Computing

Abstract:The immune system provides an ideal metaphor for anomaly detection in general and computer security in particular. Based on this idea, artificial immune systems have been used for a number of years for intrusion detection, unfortunately so far with little success. However, these previous systems were largely based on immunological theory from the 1970s and 1980s and over the last decade our understanding of immunological processes has vastly improved. In this paper we present two new immune inspired algorithms based on the latest immunological discoveries, such as the behaviour of Dendritic Cells. The resultant algorithms are applied to real world intrusion problems and show encouraging results. Overall, we believe there is a bright future for these next generation artificial immune algorithms.

Uwe Aickelin,Julie Greensmith

2007-01-01

Abstract:Artificial Immune Systems (AIS) are a collection of algorithms inspired by aspects of the human immune system. The arguably most obvious application of AIS was to detect intrusions in computer networks. If we can fight viruses with our immune systems, then surely we can fight computer viruses with a computer immune system? Early AIS approaches used a technique called Negative Selection, which did not provide a sufficient level of protection against intrusions. Problems were found with scalability and large numbers of false positives (false alarms) were generated. In 2003, Dr Uwe Aickelin and his colleagues proposed that the reason for the poor performance of the AIS is that Negative Selection is based on outdated concepts in immunology. It was proposed that the incorporation of the Danger Theory, a modern principle of immunology, could improve the performance of AIS when applied to intrusion detection. The result of the proposal is the Danger Project (EPSRC Adventure Fund) – an interdisciplinary collaboration between computer security experts, computer scientists, and 'wetlab' immunologists. Recently, Uwe has been awarded an Advanced ESPRC Fellowship to investigate how OR models such as set covering problems can help direct future research. The work performed to achieve these goals is the focus of this part of the seminar. Instead of trying to improve on existing heuristics, Julie Greensmith spent one year trying to understand the intricate methods the human immune system uses to detect invaders when the body is under attack. A novel idea in immunology is that the immune system releases danger signals in response to damage caused by infection. One cell in particular is involved in the collection and processing of danger signals. These cells are called Dendritic Cells (DCs). DCs are a major control unit cell of the human immune system, but were previously ignored by the AIS

Uwe Aickelin,Steve Cayzer

DOI: https://doi.org/10.48550/arXiv.0801.3549

2008-01-23

Neural and Evolutionary Computing

Abstract:Over the last decade, a new idea challenging the classical self-non-self viewpoint has become popular amongst immunologists. It is called the Danger Theory. In this conceptual paper, we look at this theory from the perspective of Artificial Immune System practitioners. An overview of the Danger Theory is presented with particular emphasis on analogies in the Artificial Immune Systems world. A number of potential application areas are then used to provide a framing for a critical assessment of the concept, and its relevance for Artificial Immune Systems.

Lingxi Peng,Xudong Zhu,Jian Zhang,Rui Fan,Chunlin Liang,Jinquan Zeng,Caiming Liu

2009-01-01

Journal of Information and Computational Science

Abstract:A novel inspired intrusion detection system paradigm based on danger theory (NIIDS) is proposed. The danger theory, which depicts the immune system, is quite similar to the problems of network security, has been considering potential recognitional application values in network security problems. However, the definition of pivotal danger signals have not yet been defined in present literatures, which is also a hard problem that translate the danger theory into the realms of network security and limit its further application. In this paper, the definition danger signals are given. Furthermore, mathematic equations of the danger evaluation and danger alert are built in turn. NIIDS solves the problems of huge alerts and low quality of alert information, and can also evaluate the real-time intrusion attack and anomaly menace, which are troublesome in the existed intrusion detection models. Simulations of this model were performed, and the comparison experiment results show that NIIDS surmounts the current computer immune system and traditional intrusion detection models. Copyright ©2009 Binary Information Press.

Chun XU,Xiao-jie LIU,Tao LI,Hui ZHAO,Nian LIU,Sun-jun LIU

DOI: https://doi.org/10.3969/j.issn.1009-3087.2007.05.023

2007-01-01

Abstract:A new denial of service intrusion detection model based on the immune danger theory was presented, according to the characteristic of denial of service intrusion. The model and the antibody evolution algorithm were designed and realized. In the model, antigen/antibody was classified by consanguinity, the procedure of antigen ap-optosis and necrosis were defined, and both danger signal and risk of network were calculated. This model can detect denial of service intrusion by the danger signal and risk of network. The results of the experiment showed that the method can not only keep the advantages of self-learning and self-adaptation of intrusion detection based on tradition artificial immune artificial immune, but also decrease the false positive rate by 87.5%.

Zhanfei Ma,Xuefeng Zheng

DOI: https://doi.org/10.1109/wgec.2008.56

2008-01-01

Abstract:Recently network intrusion detection is one of the hottest research topics. Existing network-based Intrusion Detection System (IDS) has drawbacks in many aspects, among of which the two outstanding problems are the high ratio of false alarms and the lack of self-adaptation. The powerful information processing capabilities of the biological immune system, such as feature extraction, pattern recognition, learning, memory, and its distributive multi-layer defence mechanisms provide rich metaphors for designing a computer immune defence system. In this approach, the authors propose a novel multi-layer defence mechanisms based on immunity, which is capable of detecting and identifying both known and unknown intrusions, elaborating a specialized response measure. Besides that, the proposed defence mechanisms have the same learning and adaptive capability of the biological immune system, and so it is able to monitor networked computer's activities at different levels, and to improve its response under subsequent exposures to the same attack. This on-going research effort is not to mimic simply the immunology characteristics but to explore and learn valuable lessons useful for self-adaptive immune intrusion prevention systems.

DONG Xiao-mei,YU Ge,XIAO Ke,XIANG Guang

DOI: https://doi.org/10.3969/j.issn.1000-1220.2005.10.013

2005-01-01

Abstract:The problems a computer security system faced and needed to solve is quite similar with those of a biological immune system. Immune based intrusion detection techniques can incorporate the advantages of both anomaly intrusion detection and misuse intrusion detection. In this paper, immune based intrusion detection approaches are studied. The methods of constructing self set and generating valid detectors are researched and improved. A novel valid detector generation algorithm is proposed based on the negative selection mechanism. According to the new algorithm, less valid detectors are needed to detect the abnormal activities in the network. Therefore, the speed of generating valid detectors and intrusion detection is improved. By comparing with those based on existing algorithms, the intrusion detection system based on the new algorithm has higher speed and is accuracy.

Lei Wang,B. Hirsbrunner

DOI: https://doi.org/10.1109/ICMLC.2002.1175366

2002-11-04

Abstract:Referring to the mechanism of biological immune system, a novel model of computer security system is proposed, which is a dynamic, multi-layered and co-operational system. Through dynamically supervising abnormal behaviors with multi agent immune systems, a two-level defense system is set up for improving the whole performance: one is based on a host and mainly used for. detecting viruses; and the other is based on a network for supervising potential attacks. On the other hand, a pseudo-random technology is adopted for designing the sub-system of data transmission, in order to increase the ability of protecting information against intended interference and monitoring. Simulations on information transmission show that this system has good robustness, error tolerance and self-adaptiveness, although more practice is needed.

Computer Science

XU Chun,WU Liang-fu,CHEN Xing-shu,YOU Hong-yue,LIU Xue-hong

DOI: https://doi.org/10.15961/j.jsuese.2011.03.024

2011-01-01

Abstract:Based on immune danger theory,a danger zone generating mechanism,a danger zone radius calculation method and the calculating formula of the danger signals signal_0 by antigen necrosis and the antigen detected danger signals signal_1 were given according to the intrusion detection application.In addition,a detection algorithm in the danger zone was presented according to the signal_0 and signal_1.The experiments showed that the proper selection of the dangerous area radius is helpful for the improvement of the efficiency of intrusion detection system,and make both the false negative rate and false detection rates remained at a lower level.

U. Aickelin

2016-01-01

Abstract:Over the last decade, a new idea challenging the classical self-non-self viewpoint has become popular amongst immunologists. It is called the Danger Theory. In this conceptual paper, we look at this theory from the perspective of Artificial Immune System practitioners. An overview of the Danger Theory is presented with particular emphasis on analogies in the Artificial Immune Systems world. A number of potential application areas are then used to provide a framing for a critical assessment of the concept, and its relevance for Artificial Immune Systems.

GUO Chen,LIANG Jia-rong,XIA Jie-wu

DOI: https://doi.org/10.3969/j.issn.1001-3695.2007.06.006

2007-01-01

Abstract:This paper intended to give a comprehensive overview of DT based on a preliminary theoretical framework,which was started with the brief interpretative introduction of biological immune models of danger theory,then followed with the metaphor algorithms.And then intsoduced the significant applications in the representative domain.Finally,some possible research directions of DT were given in a further step as the summary of this paper.

Song Yuan,Qi-juan Chen,Peng Li

DOI: https://doi.org/10.1109/wicom.2009.5302354

2009-01-01

Abstract:Owing to the similarity between biological immune system and intrusion detection system, a four-layer model for network intrusion detection system based on Dendritic cells (DC) in danger theory is constructed . DC detectors are introduced and a DC-based algorithm is proposed in this model. It involves comprehensive evaluation and improves the detection ability of undefined intrusion.

GUO Chen,LIANG Jia-rong,WANG Hou-Qian

DOI: https://doi.org/10.3969/j.issn.1673-5196.2005.04.022

2005-01-01

Abstract:The general situation and running mechanism of danger mode were expounded and a novel model of intrusion detection system based on danger model immune algorithm was developed.The system exhibited remarkably its high-efficiency of processing and its self-adaptive evolutionary ability,providing a new approach to the field of network security.

Xu Chun,Chen Xing-Shu,Zhao Hui,Jiang Yu-Ming,Liu Nian,Wang Tie-Fang

DOI: https://doi.org/10.1109/ISDPE.2007.108

2007-01-01

Abstract:Denial of Service (DoS) attack is one of the most common network attacks on network in the present. Usually DoS attack is often executed in fraudulent way, so they have the characteristic of fraudulence and danger. A new method of DoS intrusion detection based on the immune danger theory is presented in the paper, according to the characteristic of DoS intrusion. In the method a definition of danger signal with a formula of computing it quantificationally, is presented And the method is tested by experiment in which DoS intrusion is detected in the real-time way. The results of the experiment show that the method can not only detect DoS intrusion in the real-time way, but also have the advantage of working with less false positive rate and with faster response. It is an effective method for DoS intrusion detection.

Tie-Shan Zhao,Zeng-Zhi Li,Ze-Min Wang,Xiao-Jun Lin

DOI: https://doi.org/10.1109/robio.2007.4522517

2007-01-01

Abstract:It is very useful to design adaptive LAN intrusion detection systems to improve the security of LANs. If a network connection links to an open port of an active host, it is defined as a normal one; otherwise, it is defined as an abnormal one. Rationality of the definitions is proved. Normal connections are self-bodies. A correct and complete self-body set can be used for an antibody set. If a new network connection doesn't match any self-body, it is abnormal. An adaptive antibody generation model is presented firstly. Based on it, an adaptive intrusion detection system is introduced. Experiments show that the system is feasible: the detection rate of intruders' scans is 100%, of intruders' random probes is more than 98%, and there are no false alerts.

Zhan-Fei MA

DOI: https://doi.org/10.3969/j.issn.1004-1869-B.2007.02.011

2007-01-01

Abstract:Recently, biology immunology-based network intrusion detection has been become a focus in intrusion detection system (IDS). Its merits are to detect and respond intrusion by virtue of theory, rule and mechanism of biology immunology. There are essential comparability between IDS and biology immune system. Biology immune system can distinguish self from non-self cell, and clear away abnormal cell; IDS can identify normal and abnormal model, and take some actions to protect system from intrusion action. Some exploratory researches have been made on IDS, and applied the algorithm, theory and mechanism of biology immune system and characteristic of intrusion detection.

黄炳洁,许新征

DOI: https://doi.org/10.3969/j.issn.1009-3044.2008.31.035

2008-01-01

Abstract:The theory of immunity principle and intrusion detection system were introduced. The application of immunology principle in intrusion detection was reviewed. The research on the application of negative selection model and danger theory and algorithms in intrusion detection system were emphasized. Based on the disadvantages of current methods, the development directions were discussed.