A Negative Selection Approach to Intrusion Detection

  • Patricia Mostardinha
  • Bruno Filipe Faria
  • André Zúquete
  • Fernão Vistulo de Abreu
Part of the Lecture Notes in Computer Science book series (LNCS, volume 7597)


An negative selection algorithm is presented for intrusion detection tasks for systems with arbitrary diversity. This algorithm uses two types of agents, detectors and presenters. Presenters present information to detectors; detectors are selected to engage in a maximally frustrated dynamics when presenters present data from a reference state. We show that if presenters present information that has never been available during the selection stage, then presenters engage in a less frustrated dynamics and their abnormal presentation can be detected. The performance of our algorithm is independent of the dimension of the space, i.e., the length of information presented by presenters, and hence does not suffer from the dimensionality curse accompanying current methods.


artificial immune systems self/nonself discrimination negative selection algorithm 


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    Hervé Debar, M.D., Wespi, A.: Towards a taxonomy of intrusion-detection systems. Computational Networks (31), 805–822 (1999)Google Scholar
  2. 2.
    Forrest, S., Beauchemin, C.: Computer immunology. Immunological Reviews 216, 176–197 (2007)Google Scholar
  3. 3.
    Forrest, S., et al.: Self-Nonself Discrimination in a Computer. In: Proceedings of IEEE Computer Society Symposium on Research in Security and Privacy, pp. 202–212 (1994)Google Scholar
  4. 4.
    Bereta, M.Ç., Burczynski, T.: Immune K-means and negative selection algorithms for data analysis. Information Sciences 179(10), 1407–1425 (2009)CrossRefGoogle Scholar
  5. 5.
    Dasgupta, D., Niño, L.F.: Immunological computation: theory and applications, vol. xviii, p. 277. CRC, Boca Raton (2009)Google Scholar
  6. 6.
    Greensmith, J., Aickelin, U., Tedesco, G.: Information fusion for anomaly detection with the dendritic cell algorithm. Inf. Fusion 11(1), 21–34 (2010)CrossRefGoogle Scholar
  7. 7.
    Hone, A., et al.: Theoretical advances in artificial immune systems. Theoretical Computer Science 403(1), 11–32 (2008)MathSciNetCrossRefzbMATHGoogle Scholar
  8. 8.
    Kim, J., et al.: Immune system approaches to intrusion detection – a review. Natural Computing 6(4), 413–466 (2007)MathSciNetCrossRefzbMATHGoogle Scholar
  9. 9.
    Xie, Z.X., et al.: A distributed agent-based approach to intrusion detection using the lightweight PCC anomaly detection classifier. In: Proceedings of IEEE International Conference on Sensor Networks, Ubiquitous, and Trustworthy Computing, vol. 1, pp. 446–453 (2006)Google Scholar
  10. 10.
    Wang, D.W., Xue, Y.B., Dong, Y.F.: Anomaly Detection Using Neighborhood Negative Selection. Intelligent Automation and Soft Computing 17(5), 595–605 (2011)CrossRefGoogle Scholar
  11. 11.
    Yang, X., Aldrich, C., Maree, C.: Detecting change in dynamic process systems with immunocomputing. Minerals Engineering 20(2), 103–112 (2007)CrossRefGoogle Scholar
  12. 12.
    Ji, Z., Dasgupta, D.: Revisiting negative selection algorithms. Evolutionary Computation 15(2), 223–251 (2007)CrossRefGoogle Scholar
  13. 13.
    Stibor, T., Timmis, J.I., Eckert, C.: On the Use of Hyperspheres in Artificial Immune Systems as Antibody Recognition Regions. In: Bersini, H., Carneiro, J. (eds.) ICARIS 2006. LNCS, vol. 4163, pp. 215–228. Springer, Heidelberg (2006)CrossRefGoogle Scholar
  14. 14.
    Kim, J., Bentley, P.J.: Negative Selection within an Artificial Immune for Network Intrusion Detection. In: 14th Annual Fall Symposium of the Korean Information Processing Society, Seoul, Korea (2000)Google Scholar
  15. 15.
    Mckeithan, T.W.: Kinetic Proofreading in T-Cell Receptor Signal-Transduction. Proceedings of the National Academy of Sciences of the United States of America 92(11), 5042–5046 (1995)CrossRefGoogle Scholar
  16. 16.
    de Abreu, F.V., et al.: Cellular Frustration: A New Conceptual Framework for Understanding Cell-Mediated Immune Responses. In: Bersini, H., Carneiro, J., et al. (eds.) ICARIS 2006. LNCS, vol. 4163, pp. 37–51. Springer, Heidelberg (2006)CrossRefGoogle Scholar
  17. 17.
    Lindo, A., Faria, B., de Abreu, F.: Tunable kinetic proofreading in a model with molecular frustration. Theory in Biosciences, 1–8Google Scholar
  18. 18.
    de Abreu, F.V., Mostardinha, P.: Maximal frustration as an immunological principle. Journal of the Royal Society Interface 6(32), 321–334 (2009)CrossRefGoogle Scholar
  19. 19.
    Abbas, A.K., Lichtman, A.H.: Basic Immunology: Functions and Disorders of the Immune System. W B SAUNDERS (2010)Google Scholar
  20. 20.
    Janeway, C.: Immunobiology five. Garland Pub. (2001)Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2012

Authors and Affiliations

  • Patricia Mostardinha
    • 1
    • 2
  • Bruno Filipe Faria
    • 1
    • 2
  • André Zúquete
    • 1
    • 2
  • Fernão Vistulo de Abreu
    • 1
    • 2
  1. 1.Departamento de FísicaUniversidade de AveiroAveiroPortugal
  2. 2.Departamento de Electrónica, Telecomunicações e InformáticaI3N Institute for Nanostructures, Nanomodelling and Nanofabrication, Universidade de AveiroAveiroPortugal

Personalised recommendations