824 research outputs found
Information Fusion for Anomaly Detection with the Dendritic Cell Algorithm
Dendritic cells are antigen presenting cells that provide a vital link
between the innate and adaptive immune system, providing the initial detection
of pathogenic invaders. Research into this family of cells has revealed that
they perform information fusion which directs immune responses. We have derived
a Dendritic Cell Algorithm based on the functionality of these cells, by
modelling the biological signals and differentiation pathways to build a
control mechanism for an artificial immune system. We present algorithmic
details in addition to experimental results, when the algorithm was applied to
anomaly detection for the detection of port scans. The results show the
Dendritic Cell Algorithm is sucessful at detecting port scans.Comment: 21 pages, 17 figures, Information Fusio
Dendritic Cells for Anomaly Detection
Artificial immune systems, more specifically the negative selection
algorithm, have previously been applied to intrusion detection. The aim of this
research is to develop an intrusion detection system based on a novel concept
in immunology, the Danger Theory. Dendritic Cells (DCs) are antigen presenting
cells and key to the activation of the human signals from the host tissue and
correlate these signals with proteins know as antigens. In algorithmic terms,
individual DCs perform multi-sensor data fusion based on time-windows. The
whole population of DCs asynchronously correlates the fused signals with a
secondary data stream. The behaviour of human DCs is abstracted to form the DC
Algorithm (DCA), which is implemented using an immune inspired framework,
libtissue. This system is used to detect context switching for a basic machine
learning dataset and to detect outgoing portscans in real-time. Experimental
results show a significant difference between an outgoing portscan and normal
traffic.Comment: 8 pages, 10 tables, 4 figures, IEEE Congress on Evolutionary
Computation (CEC2006), Vancouver, Canad
The dendritic cell algorithm for intrusion detection
As one of the solutions to intrusion detection problems, Artificial Immune
Systems (AIS) have shown their advantages. Unlike genetic algorithms, there is
no one archetypal AIS, instead there are four major paradigms. Among them, the
Dendritic Cell Algorithm (DCA) has produced promising results in various
applications. The aim of this chapter is to demonstrate the potential for the
DCA as a suitable candidate for intrusion detection problems. We review some of
the commonly used AIS paradigms for intrusion detection problems and
demonstrate the advantages of one particular algorithm, the DCA. In order to
clearly describe the algorithm, the background to its development and a formal
definition are given. In addition, improvements to the original DCA are
presented and their implications are discussed, including previous work done on
an online analysis component with segmentation and ongoing work on automated
data preprocessing. Based on preliminary results, both improvements appear to
be promising for online anomaly-based intrusion detection.Comment: Bio-Inspired Communications and Networking, IGI Global, 84-102, 201
The deterministic Dendritic Cell Algorithm
The Dendritic Cell Algorithm is an immune-inspired algorithm originally based on the function of natural dendritic cells. The original instantiation of the algorithm is a highly stochastic algorithm. While the performance of the algorithm is good when applied to large real-time datasets, it is difficult to analyse due to the number of random-based elements. In this paper a deterministic version of the algorithm is proposed, implemented and tested using a port scan dataset to provide a controllable system. This version consists of a controllable amount of parameters, which are experimented with in this paper. In addition the effects are examined of the use of time windows and variation on the number of cells, both which are shown to influence the algorithm. Finally a novel metric for the assessment of the algorithms output is introduced and proves to be a more sensitive metric than the metric used with the original Dendritic Cell Algorithm
- …