Discriminative power of the receptors activated by k-contiguous bits rule

The paper provides a brief introduction into a relatively new discipline: artificial immune systems (AIS). These are computer systems exploiting the natural immune system (or NIS for brevity) metaphor: protect an organism against invaders. Hence, a natural field of applications of AIS is computer security. But the notion of invader can be extended further: for instance a fault occurring in a system disturbs patterns of its regular functioning. Thus fault, or anomaly detection is another field of applications. It is convenient to represent the information about normal and abnormal functioning of a system in binary form (e.g. computer programs/viruses are binary files). Now the problem can be stated as follows: given a set of self patterns representing normal behaviour of a system under considerations find a set of detectors (i.e, antibodies, or more precisely, receptors) identifying all non self strings corresponding to abnormal states of the system. A new algorithm for generating antibody strings is presented. Its interesting property is that it allows to find in advance the number of of strings which cannot be detected by an "ideal" receptors repertoire.Facultad de Informátic

Discriminative power of the receptors activated by k-contiguous bits rule

The paper provides a brief introduction into a relatively new discipline: artificial immune systems (AIS). These are computer systems exploiting the natural immune system (or NIS for brevity) metaphor: protect an organism against invaders. Hence, a natural field of applications of AIS is computer security. But the notion of invader can be extended further: for instance a fault occurring in a system disturbs patterns of its regular functioning. Thus fault, or anomaly detection is another field of applications. It is convenient to represent the information about normal and abnormal functioning of a system in binary form (e.g. computer programs/viruses are binary files). Now the problem can be stated as follows: given a set of self patterns representing normal behaviour of a system under considerations find a set of detectors (i.e, antibodies, or more precisely, receptors) identifying all non self strings corresponding to abnormal states of the system. A new algorithm for generating antibody strings is presented. Its interesting property is that it allows to find in advance the number of of strings which cannot be detected by an "ideal" receptors repertoire.Facultad de Informátic

Immunology as a metaphor for computational information processing : fact or fiction?

The biological immune system exhibits powerful information processing capabilities, and therefore is of great interest to the computer scientist. A rapidly expanding research area has attempted to model many of the features inherent in the natural immune system in order to solve complex computational problems. This thesis examines the metaphor in detail, in an effort to understand and capitalise on those features of the metaphor which distinguish it from other existing methodologies. Two problem domains are considered — those of scheduling and data-clustering. It is argued that these domains exhibit similar characteristics to the environment in which the biological immune system operates and therefore that they are suitable candidates for application of the metaphor. For each problem domain, two distinct models are developed, incor-porating a variety of immunological principles. The models are tested on a number of artifical benchmark datasets. The success of the models on the problems considered confirms the utility of the metaphor

An Artificial Immune System-Inspired Multiobjective Evolutionary Algorithm with Application to the Detection of Distributed Computer Network Intrusions

Today\u27s predominantly-employed signature-based intrusion detection systems are reactive in nature and storage-limited. Their operation depends upon catching an instance of an intrusion or virus after a potentially successful attack, performing post-mortem analysis on that instance and encoding it into a signature that is stored in its anomaly database. The time required to perform these tasks provides a window of vulnerability to DoD computer systems. Further, because of the current maximum size of an Internet Protocol-based message, the database would have to be able to maintain 25665535 possible signature combinations. In order to tighten this response cycle within storage constraints, this thesis presents an Artificial Immune System-inspired Multiobjective Evolutionary Algorithm intended to measure the vector of trade-off solutions among detectors with regard to two independent objectives: best classification fitness and optimal hypervolume size. Modeled in the spirit of the human biological immune system and intended to augment DoD network defense systems, our algorithm generates network traffic detectors that are dispersed throughout the network. These detectors promiscuously monitor network traffic for exact and variant abnormal system events, based on only the detector\u27s own data structure and the ID domain truth set, and respond heuristically. The application domain employed for testing was the MIT-DARPA 1999 intrusion detection data set, composed of 7.2 million packets of notional Air Force Base network traffic. Results show our proof-of-concept algorithm correctly classifies at best 86.48% of the normal and 99.9% of the abnormal events, attributed to a detector affinity threshold typically between 39-44%. Further, four of the 16 intrusion sequences were classified with a 0% false positive rate

Bio-inspired approaches for critical infrastructure protection: Application of clonal selection principle for intrusion detection and FACTS placement

In this research, Clonal Selection, an immune system inspired approach, is utilized along with Evolutionary Algorithms to solve complex engineering problems such as Intrusion Detection and optimization of Flexible AC Transmission System (FACTS) device placement in a power grid. The clonal selection principle increases the strength of good solutions and alters their properties to find better solutions in a problem space. A special class of evolutionary algorithms that utilizes the clonal selection principle to guide its heuristic search process is termed Clonal EA. Clonal EAs can be used to solve complex pattern recognition and function optimization problems, which involve searching an enormous problem space for a solution. Intrusion Detection is modeled, in this research, as a pattern recognition problem wherein efficient detectors are to be designed to detect intrusive behavior. Optimization of FACTS device placement in a power grid is modeled as a function optimization problem wherein optimal placement positions for FACTS devices are to be determined, in order to balance load across power lines. Clonal EAs are designed to implement the solution models. The benefits and limitations of using Clonal EAs to solve the above mentioned problems are discussed and the performance of Clonal EAs is compared with that of traditional evolutionary algorithms and greedy algorithms --Abstract, page iii

A Self-Adaptive Evolutionary Negative Selection Approach for Anomaly Detection

Forrest et al. (1994; 1997) proposed a negative selection algorithm, also termed the exhaustive detector generating algorithm, for various anomaly detection problems. The negative selection algorithm was inspired by the thymic negative selection process that is intrinsic to natural immune systems, consisting of screening and deleting self-reactive T-cells, i.e., those T-cells that recognize self-cells. The negative selection algorithm takes considerable time (exponential to the size of the self-data) and produces redundant detectors. This time/size limitation motivated the development of different approaches to generate the set of candidate detectors. A reasonable way to find suitable parameter settings is to let an evolutionary algorithm determine the settings itself by using self-adaptive techniques. The objective of the research presented in this dissertation was to analyze, explain, and demonstrate that a novel evolutionary negative selection algorithm for anomaly detection (in non-stationary environments) can generate competent non redundant detectors with better computational time performance than the NSMutation algorithm when the mutation step size of the detectors is self-adapted