'Immune System Approaches to Intrusion Detection - A Review'

Abstract. The use of artificial immune systems in intrusion detection is an appealing concept for two reasons. Firstly, the human immune system provides the human body with a high level of protection from invading pathogens, in a robust, self-organised and distributed manner. Secondly, current techniques used in computer security are not able to cope with the dynamic and increasingly complex nature of computer systems and their security. It is hoped that biologically inspired approaches in this area, including the use of immune-based systems will be able to meet this challenge. Here we collate the algorithms used, the development of the systems and the outcome of their implementation. It provides an introduction and review of the key developments within this field, in addition to making suggestions for future research

Artificial immune systems

The human immune system has numerous properties that make it ripe for exploitation in the computational domain, such as robustness and fault tolerance, and many different algorithms, collectively termed Artificial Immune Systems (AIS), have been inspired by it. Two generations of AIS are currently in use, with the first generation relying on simplified immune models and the second generation utilising interdisciplinary collaboration to develop a deeper understanding of the immune system and hence produce more complex models. Both generations of algorithms have been successfully applied to a variety of problems, including anomaly detection, pattern recognition, optimisation and robotics. In this chapter an overview of AIS is presented, its evolution is discussed, and it is shown that the diversification of the field is linked to the diversity of the immune system itself, leading to a number of algorithms as opposed to one archetypal system. Two case studies are also presented to help provide insight into the mechanisms of AIS; these are the idiotypic network approach and the Dendritic Cell Algorithm

Studies on Real-Valued Negative Selection Algorithms for Self-Nonself Discrimination

The artificial immune system (AIS) is an emerging research field of computational intelligence that is inspired by the principle of biological immune systems. With the adaptive learning ability and a self-organization and robustness nature, the immunology based AIS algorithms have successfully been applied to solve many engineering problems in recent years, such as computer network security analysis, fault detection, and data mining. The real-valued negative selection algorithm (RNSA) is a computational model of the self/non-self discrimination process performed by the T-cells in natural immune systems. In this research, three different real-valued negative selection algorithms (i.e., the detectors with fixed radius, the V-detector with variable radius, and the proliferating detectors) are studied and their applications in data classification and bioinformatics are investigated. A comprehensive study on various parameters that are related with the performance of RNSA, such as the dimensionality of input vectors, the estimation of detector coverage, and most importantly the selection of an appropriate distance metric, is conducted and the figure of merit (FOM) of each algorithm is evaluated using real-world datasets. As a comparison, a model based on artificial neural network is also included to further demonstrate the effectiveness and advantages of RNSA for specific applications

Nature inspired computational intelligence for financial contagion modelling

This thesis was submitted for the degree of Doctor of Philosophy and awarded by Brunel University.Financial contagion refers to a scenario in which small shocks, which initially affect only a few financial institutions or a particular region of the economy, spread to the rest of the financial sector and other countries whose economies were previously healthy. This resembles the “transmission” of a medical disease. Financial contagion happens both at domestic level and international level. At domestic level, usually the failure of a domestic bank or financial intermediary triggers transmission by defaulting on inter-bank liabilities, selling assets in a fire sale, and undermining confidence in similar banks. An example of this phenomenon is the failure of Lehman Brothers and the subsequent turmoil in the US financial markets. International financial contagion happens in both advanced economies and developing economies, and is the transmission of financial crises across financial markets. Within the current globalise financial system, with large volumes of cash flow and cross-regional operations of large banks and hedge funds, financial contagion usually happens simultaneously among both domestic institutions and across countries. There is no conclusive definition of financial contagion, most research papers study contagion by analyzing the change in the variance-covariance matrix during the period of market turmoil. King and Wadhwani (1990) first test the correlations between the US, UK and Japan, during the US stock market crash of 1987. Boyer (1997) finds significant increases in correlation during financial crises, and reinforces a definition of financial contagion as a correlation changing during the crash period. Forbes and Rigobon (2002) give a definition of financial contagion. In their work, the term interdependence is used as the alternative to contagion. They claim that for the period they study, there is no contagion but only interdependence. Interdependence leads to common price movements during periods both of stability and turmoil. In the past two decades, many studies (e.g. Kaminsky et at., 1998; Kaminsky 1999) have developed early warning systems focused on the origins of financial crises rather than on financial contagion. Further authors (e.g. Forbes and Rigobon, 2002; Caporale et al, 2005), on the other hand, have focused on studying contagion or interdependence. In this thesis, an overall mechanism is proposed that simulates characteristics of propagating crisis through contagion. Within that scope, a new co-evolutionary market model is developed, where some of the technical traders change their behaviour during crisis to transform into herd traders making their decisions based on market sentiment rather than underlying strategies or factors. The thesis focuses on the transformation of market interdependence into contagion and on the contagion effects. The author first build a multi-national platform to allow different type of players to trade implementing their own rules and considering information from the domestic and a foreign market. Traders’ strategies and the performance of the simulated domestic market are trained using historical prices on both markets, and optimizing artificial market’s parameters through immune - particle swarm optimization techniques (I-PSO). The author also introduces a mechanism contributing to the transformation of technical into herd traders. A generalized auto-regressive conditional heteroscedasticity - copula (GARCH-copula) is further applied to calculate the tail dependence between the affected market and the origin of the crisis, and that parameter is used in the fitness function for selecting the best solutions within the evolving population of possible model parameters, and therefore in the optimization criteria for contagion simulation. The overall model is also applied in predictive mode, where the author optimize in the pre-crisis period using data from the domestic market and the crisis-origin foreign market, and predict in the crisis period using data from the foreign market and predicting the affected domestic market

Representation and decision making in the immune system

The immune system has long been attributed cognitive capacities such as "recognition" of pathogenic agents; "memory" of previous infections; "regulation" of a cavalry of detector and effector cells; and "adaptation" to a changing environment and evolving threats. Ostensibly, in preventing disease the immune system must be capable of discriminating states of pathology in the organism; identifying causal agents or ``pathogens''; and correctly deploying lethal effector mechanisms. What is more, these behaviours must be learnt insomuch as the paternal genes cannot encode the pathogenic environment of the child. Insights into the mechanisms underlying these phenomena are of interest, not only to immunologists, but to computer scientists pushing the envelope of machine autonomy. This thesis approaches these phenomena from the perspective that immunological processes are inherently inferential processes. By considering the immune system as a statistical decision maker, we attempt to build a bridge between the traditionally distinct fields of biological modelling and statistical modelling. Through a mixture of novel theoretical and empirical analysis we assert the efficacy of competitive exclusion as a general principle that benefits both. For the immunologist, the statistical modelling perspective allows us to better determine that which is phenomenologically sufficient from the mass of observational data, providing quantitative insight that may offer relief from existing dichotomies. For the computer scientist, the biological modelling perspective results in a theoretically transparent and empirically effective numerical method that is able to finesse the trade-off between myopic greediness and intractability in domains such as sparse approximation, continuous learning and boosting weak heuristics. Together, we offer this as a modern reformulation of the interface between computer science and immunology, established in the seminal work of Perelson and collaborators, over 20 years ago.EThOS - Electronic Theses Online ServiceGBUnited Kingdo

Desenvolvimentos de uma nova abordagem em inteligência artificial para deteção de anomalias

Doutoramento em Engenharia InformáticaEste trabalho visou o desenvolvimento do modelo de frustração celular para aplicações à segurança informática. Neste âmbito foram desenvolvidos os processos necessários para materializar o modelo de frustração celular num algoritmo semi-supervisionado de deteção de anomalias. É por seguida efetuada uma comparação da capacidade de discriminação do algoritmo de frustração celular com algoritmos do estado de arte, nomeadamente máquinas de vetores de suporte e florestas aleatórias (com sigla em inglês de SVM e RF, respetivamente). Verifica-se que nos casos estudados o algoritmo de frustração celular obtém uma capacidade de discriminação de anomalias semelhante, senão melhor, que os algoritmos anteriormente descritos. São ainda descritas otimizações para reduzir o elevado custo computacional do algoritmo recorrendo a novos paradigmas de computação, i.e. pelo uso de placas gráficas, assim como otimizações que visam reduzir a complexidade do algoritmo. Em ambos os casos foi verificada uma redução do tempo computacional. Por fim, é ainda verificado que as melhorias introduzidas permitiram que a capacidade de discriminação do algoritmo se tornasse menos sensível à perturbação dos seus parâmetros.This work sought to develop the cellular frustration model for computer security applications. In this sense, the required processes to materialize the cellular frustration model in a semi-supervised anomaly detection algorithm were developed. The discrimination capability of the cellular frustration algorithm was then compared with the discrimination capability of state of the art algorithms, namely support vector machines and random forests (SVMs and RFs, respectively). In the studied cases it is observed that the cellular frustration algorithm exhibits comparable, if not better, anomaly detection capabilities. Optimizations to reduce the high computational cost that rely on new computational paradigms, i.e. by the use of graphic cards, as well as optimizations to reduce the algorithm complexity were also described. In both cases it was observed a reduction of the computational time required by the algorithm. Finally, it was verified that the introduced improvements allowed the anomaly detection capability of the algorithm to become less sensitive to the perturbation of its parameters

Representation and Decision Making in the Immune System

The immune system has long been attributed cognitive capacities such as "recognition" of pathogenic agents; "memory" of previous infections; "regulation" of a cavalry of detector and effector cells; and "adaptation" to a changing environment and evolving threats. Ostensibly, in preventing disease the immune system must be capable of discriminating states of pathology in the organism; identifying causal agents or "pathogens"; and correctly deploying lethal effector mechanisms. What is more, these behaviours must be learnt insomuch as the paternal genes cannot encode the pathogenic environment of the child. Insights into the mechanisms underlying these phenomena are of interest, not only to immunologists, but to computer scientists pushing the envelope of machine autonomy.This thesis approaches these phenomena from the perspective that immunological processes are inherently inferential processes. By considering the immune system as a statistical decision maker, we attempt to build a bridge between the traditionally distinct fields of biological modelling and statistical modelling. Through a mixture of novel theoretical and empirical analysis we assert the efficacy of competitive exclusion as a general principle that benefits both. For the immunologist, the statistical modelling perspective allows us to better determine that which is phenomenologically sufficient from the mass of observational data, providing quantitative insight that may offer relief from existing dichotomies. For the computer scientist, the biological modelling perspective results in a theoretically transparent and empirically effective numerical method that is able to finesse the trade-off between myopic greediness and intractability in domains such as sparse approximation, continuous learning and boosting weak heuristics. Together, we offer this as a modern reformulation of the interface between computer science and immunology, established in the seminal work of Perelson and collaborators, over 20 years ago