An Ecological Approach to Anomaly Detection: The EIA Model

  • Pedro Pinacho
  • Iván Pau
  • Max Chacón
  • Sergio Sánchez
Part of the Lecture Notes in Computer Science book series (LNCS, volume 7597)

Abstract

This work proposes a new approach to anomaly detection, based on changes in a population of evolving agents under stress. If conditions are appropriate, changes in the population (modeled by the bioindicators) are representative of the alterations to the environment. This approach, based on an ecological view, functionally improves on traditional approaches to anomaly detection. To verify this assertion, experiments based on Network Intrusion Detection Systems are presented. The results are compared with the behaviour of other bioinspired approaches and machine learning techniques.

Copyright information

© Springer-Verlag Berlin Heidelberg 2012

Authors and Affiliations

  • Pedro Pinacho (1)
  • Iván Pau (3)
  • Max Chacón (2)
  • Sergio Sánchez (3)

  1. Escuela Informática, Universidad Santo Tomás, Concepción, Chile
  2. Departamento de Ingeniería Informática, Universidad de Santiago, Santiago, Chile
  3. EUIT Telecomunicación, Technical University of Madrid, Spain
