179 research outputs found

    Dendritic Cells for Anomaly Detection

    Artificial immune systems, more specifically the negative selection algorithm, have previously been applied to intrusion detection. The aim of this research is to develop an intrusion detection system based on a novel concept in immunology, the Danger Theory. Dendritic Cells (DCs) are antigen presenting cells and key to the activation of the human signals from the host tissue and correlate these signals with proteins known as antigens. In algorithmic terms, individual DCs perform multi-sensor data fusion based on time-windows. The whole population of DCs asynchronously correlates the fused signals with a secondary data stream. The behaviour of human DCs is abstracted to form the DC Algorithm (DCA), which is implemented using an immune inspired framework, libtissue. This system is used to detect context switching for a basic machine learning dataset and to detect outgoing portscans in real-time. Experimental results show a significant difference between an outgoing portscan and normal traffic. Comment: 8 pages, 10 tables, 4 figures, IEEE Congress on Evolutionary Computation (CEC2006), Vancouver, Canada

    Developments of a new approach in artificial intelligence for anomaly detection

    Doctorate in Informatics Engineering. This work sought to develop the cellular frustration model for computer security applications. In this sense, the required processes to materialize the cellular frustration model in a semi-supervised anomaly detection algorithm were developed. The discrimination capability of the cellular frustration algorithm was then compared with the discrimination capability of state of the art algorithms, namely support vector machines and random forests (SVMs and RFs, respectively). In the studied cases it is observed that the cellular frustration algorithm exhibits comparable, if not better, anomaly detection capabilities. Optimizations to reduce the high computational cost that rely on new computational paradigms, i.e. by the use of graphic cards, as well as optimizations to reduce the algorithm complexity were also described. In both cases a reduction of the computational time required by the algorithm was observed. Finally, it was verified that the introduced improvements allowed the anomaly detection capability of the algorithm to become less sensitive to the perturbation of its parameters.

    Discriminative power of the receptors activated by k-contiguous bits rule

    The paper provides a brief introduction into a relatively new discipline: artificial immune systems (AIS). These are computer systems exploiting the natural immune system (or NIS for brevity) metaphor: protect an organism against invaders. Hence, a natural field of applications of AIS is computer security. But the notion of invader can be extended further: for instance a fault occurring in a system disturbs patterns of its regular functioning. Thus fault, or anomaly detection is another field of applications. It is convenient to represent the information about normal and abnormal functioning of a system in binary form (e.g. computer programs/viruses are binary files). Now the problem can be stated as follows: given a set of self patterns representing normal behaviour of a system under consideration, find a set of detectors (i.e., antibodies, or more precisely, receptors) identifying all non self strings corresponding to abnormal states of the system. A new algorithm for generating antibody strings is presented. Its interesting property is that it allows finding in advance the number of strings which cannot be detected by an "ideal" receptors repertoire. Facultad de Informática

    Intensity based interrogation of optical fibre sensors for industrial automation and intrusion detection systems

    In this study, the use of optical fibre sensors for intrusion detection and industrial automation systems has been demonstrated, with a particular focus on low cost, intensity-based, interrogation techniques. The use of optical fibre sensors for intrusion detection systems to secure residential, commercial, and industrial premises against potential security breaches has been extensively reviewed in this thesis. Fibre Bragg grating (FBG) sensing is one form of optical fibre sensing that has been underutilised in applications such as in-ground, in-fence, and window and door monitoring, and addressing that opportunity has been a major goal of this thesis. Both security and industrial sensor systems must include some centralised intelligence (electronic controller) and ideally both automation and security sensor systems would be controlled and monitored by the same centralised system. Optical fibre sensor systems that could be used for either application have been designed, developed, and tested in this study, and optoelectronic interfaces for integrating these sensors with electronic controllers have been demonstrated. The versatility of FBG sensors means that they are also ideal for certain mainstream industrial applications. Two novel transducers have been developed in this work; a highly sensitive low pressure FBG diaphragm transducer and a FBG load cell transducer. Both have been designed so that interrogation of the optical signal can occur within the housing of the individual sensors themselves. This is achieved in a simple and low cost manner that enables the output of the transducers to be easily connected to standard electronic controllers, such as programmable logic controllers. Furthermore, some of the nonlinear characteristics of FBG sensors have been explored with the aim of developing transducers that are inherently decoupled from strain and temperature interference. One of the major advantages of optical fibre sensors is their ability to be both time division and wavelength division multiplexed. The intensity-based interrogation techniques used here complement this attribute and are a major consideration when developing the transducers and optoelectronic circuits. A time division multiplexing technique, using transmit-reflect detection and incorporating a dual bus, has also been developed. This system architecture enables all the different optical fibre transducers on the network to have the same Bragg wavelength and hence the number of spare replacement transducers required is minimal. Moreover, sensors can be replaced in an online control system without disrupting the network. In addition, by analysing both the transmitted and reflected signals, problems associated with optical power fluctuations are eliminated and the intensity of the sensor signals is increased through differential amplification. Overall, the research addresses the limitations of conventional electrical sensors, such as susceptibility to corrosive damage in wet and corrosive environments, and risk of causing an explosion in hazardous environments, as well as the limitations of current stand-alone optical fibre sensor systems. This thesis supports more alert, reliable, affordable, and coordinated, control and monitoring systems in an on-line environment.

    Detection of foreign elements in immunology-inspired models

    Master's in Engineering Physics. In this work an algorithm for nonself detection is presented, based on the Cellular Frustration mechanism. This mechanism presents a novel approach to cellular interactions occurring in the adaptive immune system. The concept is that any nonself element will establish less frustrated interactions than the remaining elements of the system, and can thus, by its anomalous behaviour, be detected. The proposed algorithm has advantages over the best-known artificial immune systems. Among the advantages there is the possibility to achieve perfect detection using a reduced number of detectors. In this thesis, this algorithm is analysed comparatively to negative selection algorithms that can be found in literature.

    Selected Algorithms of Computational Intelligence in Gastric Cancer Decision Making

    Due to the latest research the subject of Computational Intelligence has been divided into five main regions, namely, neural networks, evolutionary algorithms, swarm intelligence, immunological systems and fuzzy systems. Our attention has been attracted by the possibilities of medical applications provided by immunological computation algorithms. Immunological computation systems are based on immune reactions of the living organisms in order to defend the bodies from pathological substances. Especially, the mechanisms of the T-cell reactions to detect strangers have been converted into artificial numerical algorithms. Immunological systems have been developed in scientific books and reports appearing during the two last decades. The basic negative selection algorithm NS was invented by Stephanie Forrest to give rise to some technical applications. We can note such applications of NS as computer virus detection, reduction of noise effect, communication of autonomous agents or identification of time varying systems. Even a trial of connection between a computer and biological systems has been proved by means of immunological computation. Hybrids made between different fields can provide researchers with richer results; therefore associations between immunological systems and neural networks have been developed as well. In the current chapter we propose another hybrid between the NS algorithm and chosen solutions coming from fuzzy systems. This hybrid constitutes the own model of adapting the NS algorithm to the operation decisions “operate” contra “do not operate” in gastric cancer surgery. The choice between two possibilities to treat patients is identified with the partition of a decision region in self and non-self, which is similar to the action of the NS algorithm. The partition is accomplished on the basis of patient data strings/vectors that contain codes of states concerning some essential biological markers. To be able to identify the strings that characterize the “operate” decision we add the own method of computing the patients’ characteristics as real values. The evaluation of the patients’ characteristics is supported by inserting importance weights assigned to powerful biological indices taking place in the operation decision process. To compute the weights of importance the Saaty algorithm is adopted.

    Artificial immune systems based committee machine for classification application

    This thesis was submitted for the degree of Doctor of Philosophy and awarded by Brunel University. A new adaptive learning Artificial Immune System (AIS) based committee machine is developed in this thesis. The new proposed approach efficiently tackles the general problem of clustering high-dimensional data. In addition, it helps in deriving useful decisions and results related to other application domains such as classification and prediction. Artificial Immune System (AIS) is a branch of computational intelligence field inspired by the biological immune system, and has gained increasing interest among researchers in the development of immune-based models and techniques to solve diverse complex computational or engineering problems. This work presents some applications of AIS techniques to health problems, and a thorough survey of existing AIS models and algorithms. The main focus of this research is devoted to building an ensemble model integrating different AIS techniques (i.e. Artificial Immune Networks, Clonal Selection, and Negative Selection) for classification applications to achieve better classification results. A new AIS-based ensemble architecture with adaptive learning features is proposed by integrating different learning and adaptation techniques to overcome individual limitations and to achieve synergetic effects through the combination of these techniques. Various techniques related to the design and enhancements of the new adaptive learning architecture are studied, including a neuro-fuzzy based detector and an optimizer using particle swarm optimization method to achieve enhanced classification performance. An evaluation study was conducted to show the performance of the new proposed adaptive learning ensemble and to compare it to alternative combining techniques. Several experiments are presented using different medical datasets for the classification problem and findings and outcomes are discussed. The new adaptive learning architecture improves the accuracy of the ensemble. Moreover, there is an improvement over the existing aggregation techniques. The outcomes, assumptions and limitations of the proposed methods with its implications for further research in this area draw this research to its conclusion.

    Nature-inspired survivability: Prey-inspired survivability countermeasures for cloud computing security challenges

    As cloud computing environments become complex, adversaries have become highly sophisticated and unpredictable. Moreover, they can easily increase attack power and persist longer before detection. Uncertain malicious actions, latent risks, Unobserved or Unobservable risks (UUURs) characterise this new threat domain. This thesis proposes prey-inspired survivability to address unpredictable security challenges borne out of UUURs. While survivability is a well-addressed phenomenon in non-extinct prey animals, applying prey survivability to cloud computing directly is challenging due to contradicting end goals. How to manage evolving survivability goals and requirements under contradicting environmental conditions adds to the challenges. To address these challenges, this thesis proposes a holistic taxonomy which integrates multiple and disparate perspectives of cloud security challenges. In addition, it proposes the TRIZ (Teorija Rezbenija Izobretatelskib Zadach) to derive prey-inspired solutions through resolving contradiction. First, it develops a 3-step process to facilitate interdomain transfer of concepts from nature to cloud. Moreover, TRIZ’s generic approach suggests specific solutions for cloud computing survivability. Then, the thesis presents the conceptual prey-inspired cloud computing survivability framework (Pi-CCSF), built upon TRIZ derived solutions. The framework run-time is pushed to the user-space to support evolving survivability design goals. Furthermore, a target-based decision-making technique (TBDM) is proposed to manage survivability decisions. To evaluate the prey-inspired survivability concept, Pi-CCSF simulator is developed and implemented. Evaluation results show that escalating survivability actions improve the vitality of vulnerable and compromised virtual machines (VMs) by 5% and dramatically improve their overall survivability. Hypothesis testing conclusively supports the hypothesis that the escalation mechanisms can be applied to enhance the survivability of cloud computing systems. Numeric analysis of TBDM shows that by considering survivability preferences and attitudes (these directly impact survivability actions), the TBDM method brings unpredictable survivability information closer to decision processes. This enables efficient execution of variable escalating survivability actions, which enables the Pi-CCSF’s decision system (DS) to focus upon decisions that achieve survivability outcomes under unpredictability imposed by UUUR.