38 research outputs found
libtissue - implementing innate immunity
In a previous paper the authors argued the case for incorporating ideas from
innate immunity into articficial immune systems (AISs) and presented an outline
for a conceptual framework for such systems. A number of key general properties
observed in the biological innate and adaptive immune systems were hughlighted,
and how such properties might be instantiated in artificial systems was
discussed in detail. The next logical step is to take these ideas and build a
software system with which AISs with these properties can be implemented and
experimentally evaluated. This paper reports on the results of that step - the
libtissue system.Comment: 8 pages, 4 tables, 5 figures, Workshop on Artificial Immune Systems
and Immune System Modelling (AISB06), Bristol, U
Experimenting with Innate Immunity
libtissue is a software system for implementing and testing AIS algorithms on real-world computer security problems. AIS algorithms are implemented as a collection of cells, antigen and signals interacting within a tissue compartment. Input data to the tissue comes in the form of realtime events generated by sensors monitoring a system under surveillance, and cells are actively able to affect the monitored system through response mechanisms. libtissue is being used by researchers on a project at the University of Nottingham to explore the application of a range of immune-inspired algorithms to problems in intrusion detection. This talk describes the architecture and design of libtissue, along with the implementation of a simple algorithm and its application to a computer security problem
Dendritic Cells for Anomaly Detection
Artificial immune systems, more specifically the negative selection
algorithm, have previously been applied to intrusion detection. The aim of this
research is to develop an intrusion detection system based on a novel concept
in immunology, the Danger Theory. Dendritic Cells (DCs) are antigen presenting
cells and key to the activation of the human signals from the host tissue and
correlate these signals with proteins know as antigens. In algorithmic terms,
individual DCs perform multi-sensor data fusion based on time-windows. The
whole population of DCs asynchronously correlates the fused signals with a
secondary data stream. The behaviour of human DCs is abstracted to form the DC
Algorithm (DCA), which is implemented using an immune inspired framework,
libtissue. This system is used to detect context switching for a basic machine
learning dataset and to detect outgoing portscans in real-time. Experimental
results show a significant difference between an outgoing portscan and normal
traffic.Comment: 8 pages, 10 tables, 4 figures, IEEE Congress on Evolutionary
Computation (CEC2006), Vancouver, Canad
An Immune Inspired Approach to Anomaly Detection
The immune system provides a rich metaphor for computer security: anomaly
detection that works in nature should work for machines. However, early
artificial immune system approaches for computer security had only limited
success. Arguably, this was due to these artificial systems being based on too
simplistic a view of the immune system. We present here a second generation
artificial immune system for process anomaly detection. It improves on earlier
systems by having different artificial cell types that process information.
Following detailed information about how to build such second generation
systems, we find that communication between cells types is key to performance.
Through realistic testing and validation we show that second generation
artificial immune systems are capable of anomaly detection beyond generic
system policies. The paper concludes with a discussion and outline of the next
steps in this exciting area of computer security.Comment: 19 pages, 4 tables, 2 figures, Handbook of Research on Information
Security and Assuranc
Information Fusion for Anomaly Detection with the Dendritic Cell Algorithm
Dendritic cells are antigen presenting cells that provide a vital link
between the innate and adaptive immune system, providing the initial detection
of pathogenic invaders. Research into this family of cells has revealed that
they perform information fusion which directs immune responses. We have derived
a Dendritic Cell Algorithm based on the functionality of these cells, by
modelling the biological signals and differentiation pathways to build a
control mechanism for an artificial immune system. We present algorithmic
details in addition to experimental results, when the algorithm was applied to
anomaly detection for the detection of port scans. The results show the
Dendritic Cell Algorithm is sucessful at detecting port scans.Comment: 21 pages, 17 figures, Information Fusio
Information Fusion in the Immune System
Biologically-inspired methods such as evolutionary algorithms and neural
networks are proving useful in the field of information fusion. Artificial
Immune Systems (AISs) are a biologically-inspired approach which take
inspiration from the biological immune system. Interestingly, recent research
has show how AISs which use multi-level information sources as input data can
be used to build effective algorithms for real time computer intrusion
detection. This research is based on biological information fusion mechanisms
used by the human immune system and as such might be of interest to the
information fusion community. The aim of this paper is to present a summary of
some of the biological information fusion mechanisms seen in the human immune
system, and of how these mechanisms have been implemented as AISsComment: 10 pages, 6 tables, 6 figures, Information Fusio
Sensing Danger: Innate Immunology for Intrusion Detection
The immune system provides an ideal metaphor for anomaly detection in general
and computer security in particular. Based on this idea, artificial immune
systems have been used for a number of years for intrusion detection,
unfortunately so far with little success. However, these previous systems were
largely based on immunological theory from the 1970s and 1980s and over the
last decade our understanding of immunological processes has vastly improved.
In this paper we present two new immune inspired algorithms based on the latest
immunological discoveries, such as the behaviour of Dendritic Cells. The
resultant algorithms are applied to real world intrusion problems and show
encouraging results. Overall, we believe there is a bright future for these
next generation artificial immune algorithms