Natural Computing, Volume 6, Issue 4, pp 413–466

Immune system approaches to intrusion detection – a review

  • Jungwon Kim
  • Peter J. Bentley (corresponding author)
  • Uwe Aickelin
  • Julie Greensmith
  • Gianni Tedesco
  • Jamie Twycross
Article

Abstract

The use of artificial immune systems in intrusion detection is an appealing concept for two reasons. First, the human immune system provides the human body with a high level of protection from invading pathogens, in a robust, self-organised and distributed manner. Second, current techniques used in computer security are not able to cope with the dynamic and increasingly complex nature of computer systems and their security. It is hoped that biologically inspired approaches in this area, including the use of immune-based systems, will be able to meet this challenge. Here we review the algorithms used, the development of the systems and the outcome of their implementation. We provide an introduction and analysis of the key developments within this field, in addition to making suggestions for future research.

Keywords

artificial immune systems, intrusion detection systems, literature review

Notes

Acknowledgements

This project is supported by the EPSRC (GR/S47809/01), Hewlett-Packard Labs, Bristol, and the Firestorm intrusion detection system team.

Copyright information

© Springer Science+Business Media, Inc. 2007

Authors and Affiliations

  • Jungwon Kim (1)
  • Peter J. Bentley (1, corresponding author)
  • Uwe Aickelin (2)
  • Julie Greensmith (2)
  • Gianni Tedesco (3)
  • Jamie Twycross (2)

  1. Department of Computer Science, University College London, London, UK
  2. School of Computer Science, University of Nottingham, Nottingham, UK
  3. Firestorm Development Team, Bradford, UK