179 research outputs found
Dendritic Cells for Anomaly Detection
Artificial immune systems, more specifically the negative selection
algorithm, have previously been applied to intrusion detection. The aim of this
research is to develop an intrusion detection system based on a novel concept
in immunology, the Danger Theory. Dendritic Cells (DCs) are antigen presenting
cells and key to the activation of the human signals from the host tissue and
correlate these signals with proteins known as antigens. In algorithmic terms,
individual DCs perform multi-sensor data fusion based on time-windows. The
whole population of DCs asynchronously correlates the fused signals with a
secondary data stream. The behaviour of human DCs is abstracted to form the DC
Algorithm (DCA), which is implemented using an immune inspired framework,
libtissue. This system is used to detect context switching for a basic machine
learning dataset and to detect outgoing portscans in real-time. Experimental
results show a significant difference between an outgoing portscan and normal
traffic.
Comment: 8 pages, 10 tables, 4 figures, IEEE Congress on Evolutionary
Computation (CEC2006), Vancouver, Canada
Developments of a new artificial intelligence approach for anomaly detection
Doctorate in Informatics Engineering
This work sought to develop the cellular frustration model for computer security
applications. In this sense, the required processes to materialize the
cellular frustration model in a semi-supervised anomaly detection algorithm
were developed. The discrimination capability of the cellular frustration algorithm
was then compared with the discrimination capability of state of the
art algorithms, namely support vector machines and random forests (SVMs
and RFs, respectively). In the studied cases it is observed that the cellular
frustration algorithm exhibits comparable, if not better, anomaly detection
capabilities. Optimizations to reduce the high computational cost that rely
on new computational paradigms, i.e. by the use of graphic cards, as well
as optimizations to reduce the algorithm complexity were also described. In
both cases a reduction of the computational time required by the algorithm
was observed. Finally, it was verified that the introduced improvements
allowed the anomaly detection capability of the algorithm to become less
sensitive to the perturbation of its parameters.
Discriminative power of the receptors activated by k-contiguous bits rule
The paper provides a brief introduction into a relatively new discipline: artificial immune systems (AIS). These are computer systems exploiting the natural immune system (or NIS for brevity) metaphor: protect an organism against invaders. Hence, a natural field of applications of AIS is computer security. But the notion of invader can be extended further: for instance a fault occurring in a system disturbs patterns of its regular functioning. Thus fault, or anomaly detection is another field of applications. It is convenient to represent the information about normal and abnormal functioning of a system in binary form (e.g. computer programs/viruses are binary files). Now the problem can be stated as follows: given a set of self patterns representing normal behaviour of a system under consideration, find a set of detectors (i.e., antibodies, or more precisely, receptors) identifying all non self strings corresponding to abnormal states of the system. A new algorithm for generating antibody strings is presented. Its interesting property is that it allows finding in advance the number of strings which cannot be detected by an "ideal" receptors repertoire.
Facultad de Informática
Intensity based interrogation of optical fibre sensors for industrial automation and intrusion detection systems
In this study, the use of optical fibre sensors for intrusion detection and industrial automation systems has been demonstrated, with a particular focus on low cost, intensity-based, interrogation techniques. The use of optical fibre sensors for intrusion detection systems to secure residential, commercial, and industrial premises against potential security breaches has been extensively reviewed in this thesis. Fibre Bragg grating (FBG) sensing is one form of optical fibre sensing that has been underutilised in applications such as in-ground, in-fence, and window and door monitoring, and addressing that opportunity has been a major goal of this thesis. Both security and industrial sensor systems must include some centralised intelligence (electronic controller) and ideally both automation and security sensor systems would be controlled and monitored by the same centralised system. Optical fibre sensor systems that could be used for either application have been designed, developed, and tested in this study, and optoelectronic interfaces for integrating these sensors with electronic controllers have been demonstrated. The versatility of FBG sensors means that they are also ideal for certain mainstream industrial applications.
Two novel transducers have been developed in this work: a highly sensitive low pressure FBG diaphragm transducer and an FBG load cell transducer. Both have been designed so that interrogation of the optical signal can occur within the housing of the individual sensors themselves. This is achieved in a simple and low cost manner that enables the output of the transducers to be easily connected to standard electronic controllers, such as programmable logic controllers. Furthermore, some of the nonlinear characteristics of FBG sensors have been explored with the aim of developing transducers that are inherently decoupled from strain and temperature interference. One of the major advantages of optical fibre sensors is their ability to be both time division and wavelength division multiplexed. The intensity-based interrogation techniques used here complement this attribute and are a major consideration when developing the transducers and optoelectronic circuits. A time division multiplexing technique, using transmit-reflect detection and incorporating a dual bus, has also been developed. This system architecture enables all the different optical fibre transducers on the network to have the same Bragg wavelength and hence the number of spare replacement transducers required is minimal. Moreover, sensors can be replaced in an online control system without disrupting the network. In addition, by analysing both the transmitted and reflected signals, problems associated with optical power fluctuations are eliminated and the intensity of the sensor signals is increased through differential amplification.
Overall, the research addresses the limitations of conventional electrical sensors, such as susceptibility to corrosive damage in wet and corrosive environments, and risk of causing an explosion in hazardous environments, as well as the limitations of current stand-alone optical fibre sensor systems. This thesis supports more alert, reliable, affordable, and coordinated, control and monitoring systems in an on-line environment.
Detection of foreign elements in immunology-inspired models
Master's in Engineering Physics
In this work an algorithm for nonself detection is presented, based on the
Cellular Frustration mechanism. This mechanism presents a novel approach to
cellular interactions occurring in the adaptive immune system. The concept is
that any nonself element will establish less frustrated interactions than the
remaining elements of the system, and can thus, by its anomalous behaviour, be
detected. The proposed algorithm has advantages over the most well-known artificial
immune systems. Among the advantages there is the possibility to achieve
perfect detection using a reduced number of detectors. In this thesis, this
algorithm is analysed comparatively to negative selection algorithms that can
be found in the literature.
Selected Algorithms of Computational Intelligence in Gastric Cancer Decision Making
Due to the latest research the subject of Computational Intelligence has been
divided into five main regions, namely, neural networks, evolutionary
algorithms, swarm intelligence, immunological systems and fuzzy systems.
Our attention has been attracted by the possibilities of medical applications
provided by immunological computation algorithms. Immunological computation
systems are based on immune reactions of the living organisms in order to
defend the bodies from pathological substances. Especially, the mechanisms of
the T-cell reactions to detect strangers have been converted into artificial
numerical algorithms.
Immunological systems have been developed in scientific books and reports
appearing during the two last decades. The basic negative selection algorithm
NS was invented by Stephanie Forrest to give rise to some technical
applications. We can note such applications of NS as computer virus detection,
reduction of noise effect, communication of autonomous agents or identification
of time varying systems. Even a trial of connection between a computer and
biological systems has been proved by means of immunological computation.
Hybrids made between different fields can provide researchers with richer
results; therefore associations between immunological systems and neural
networks have been developed as well.
In the current chapter we propose another hybrid between the NS algorithm and
chosen solutions coming from fuzzy systems. This hybrid constitutes the own
model of adapting the NS algorithm to the operation decisions “operate” contra
“do not operate” in gastric cancer surgery. The choice between two
possibilities to treat patients is identified with the partition of a decision
region in self and non-self, which is similar to the action of the NS
algorithm. The partition is accomplished on the basis of patient data
strings/vectors that contain codes of states concerning some essential
biological markers. To be able to identify the strings that characterize the
“operate” decision we add the own method of computing the patients’
characteristics as real values. The evaluation of the patients’ characteristics
is supported by inserting importance weights assigned to powerful biological
indices taking place in the operation decision process. To compute the weights
of importance the Saaty algorithm is adopted.
Artificial immune systems based committee machine for classification application
This thesis was submitted for the degree of Doctor of Philosophy and awarded by Brunel University.
A new adaptive learning Artificial Immune System (AIS) based committee machine is developed in this thesis. The new proposed approach efficiently tackles the general problem of clustering high-dimensional data. In addition, it helps in deriving useful decisions and results related to other application domains such as classification and prediction. Artificial Immune System (AIS) is a branch of the computational intelligence field inspired by the biological immune system, and has gained increasing interest among researchers in the development of immune-based models and techniques to solve diverse complex computational or engineering problems. This work presents some applications of AIS techniques to health problems, and a thorough survey of existing AIS models and algorithms. The main focus of this research is devoted to building an ensemble model integrating different AIS techniques (i.e. Artificial Immune Networks, Clonal Selection, and Negative Selection) for classification applications to achieve better classification results. A new AIS-based ensemble architecture with adaptive learning features is proposed by integrating different learning and adaptation techniques to overcome individual limitations and to achieve synergetic effects through the combination of these techniques. Various techniques related to the design and enhancements of the new adaptive learning architecture are studied, including a neuro-fuzzy based detector and an optimizer using particle swarm optimization method to achieve enhanced classification performance. An evaluation study was conducted to show the performance of the new proposed adaptive learning ensemble and to compare it to alternative combining techniques. Several experiments are presented using different medical datasets for the classification problem and findings and outcomes are discussed.
The new adaptive learning architecture improves the accuracy of the ensemble. Moreover, there is an improvement over the existing aggregation techniques. The outcomes, assumptions and limitations of the proposed methods with its implications for further research in this area draw this research to its conclusion.
Nature-inspired survivability: Prey-inspired survivability countermeasures for cloud computing security challenges
As cloud computing environments become complex, adversaries have become highly sophisticated and unpredictable. Moreover, they can easily increase attack power and persist longer before detection. Uncertain malicious actions, latent risks, Unobserved or Unobservable risks (UUURs) characterise this new threat domain. This thesis proposes prey-inspired survivability to address unpredictable security challenges borne out of UUURs. While survivability is a well-addressed phenomenon in non-extinct prey animals, applying prey survivability to cloud computing directly is challenging due to contradicting end goals. How to manage evolving survivability goals and requirements under contradicting environmental conditions adds to the challenges. To address these challenges, this thesis proposes a holistic taxonomy which integrates multiple and disparate perspectives of cloud security challenges. In addition, it proposes the TRIZ (Teorija Rezbenija Izobretatelskib Zadach) to derive prey-inspired solutions through resolving contradiction. First, it develops a 3-step process to facilitate interdomain transfer of concepts from nature to cloud. Moreover, TRIZ’s generic approach suggests specific solutions for cloud computing survivability. Then, the thesis presents the conceptual prey-inspired cloud computing survivability framework (Pi-CCSF), built upon TRIZ derived solutions. The framework run-time is pushed to the user-space to support evolving survivability design goals. Furthermore, a target-based decision-making technique (TBDM) is proposed to manage survivability decisions. To evaluate the prey-inspired survivability concept, Pi-CCSF simulator is developed and implemented. Evaluation results show that escalating survivability actions improve the vitality of vulnerable and compromised virtual machines (VMs) by 5% and dramatically improve their overall survivability. Hypothesis testing conclusively supports the hypothesis that the escalation mechanisms can be applied to enhance the survivability of cloud computing systems. Numeric analysis of TBDM shows that by considering survivability preferences and attitudes (these directly impact survivability actions), the TBDM method brings unpredictable survivability information closer to decision processes. This enables efficient execution of variable escalating survivability actions, which enables the Pi-CCSF’s decision system (DS) to focus upon decisions that achieve survivability outcomes under unpredictability imposed by UUUR