Binary Tree Based Deterministic Positive Selection Approach to Network Security

  • Piotr HońkoEmail author
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 10646)


Positive selection is one of artificial immune approaches, which finds application in network security. It relies on building detectors for protecting self cells, i.e. positive class objects. Random selection used to find candidates for detectors gives good results if the data is represented in a non-multidimensional space. For a higher dimension many attempts may be needed to find a detector. In an extreme case, the approach may fail due to not building any detector. This paper proposes an improved version of the positive selection approach. Detectors are constructed based on self cells in a deterministic way and they are stored in a binary tree structure. Thanks to this, each cell is protected by at least one detector regardless of the data dimension and size. Results of experiments conducted on network intrusion data (KDD Cup 1999 Data) and other datasets show that the proposed approach produces detectors of similar or better quality in a considerably shorter time compared with the probabilistic version. Furthermore, the number of detectors needed to cover the whole self space can be clearly smaller.


Artificial immune system Positive selection Network security Classification Binary tree 



This work was supported by the grant S/WI/3/13 of the Polish Ministry of Science and Higher Education. The author would like to thank Andrzej Chmielewski for fruitful discussions on artificial immune systems.


  1. 1.
    Aryania, A., Akbari, A., Mohammadi, M., Raahemi, B., Bigdeli, E.: An overlap-aware positive selection algorithm using variable-size detectors. J. Intell. Comp. 5(2), 60–74 (2014)Google Scholar
  2. 2.
    Chikhi, S., Ramdane, C.: A new negative selection algorithm for adaptive network intrusion detection system. Int. J. Inf. Sec. Priv. 8(4), 1–25 (2014)CrossRefGoogle Scholar
  3. 3.
    Chmielewski, A., Wierzchoń, S.T.: Hybrid negative selection approach for anomaly detection. In: Cortesi, A., Chaki, N., Saeed, K., Wierzchoń, S. (eds.) CISIM 2012. LNCS, vol. 7564, pp. 242–253. Springer, Heidelberg (2012). doi: 10.1007/978-3-642-33260-9_21 CrossRefGoogle Scholar
  4. 4.
    Dasgupta, D.: An overview of artificial immune systems and their applications. In: Dasgupta, D. (ed.) Artificial Immune Systems and Their Applications, pp. 3–21. Springer, Heidelberg (1999). doi: 10.1007/978-3-642-59901-9_1 CrossRefGoogle Scholar
  5. 5.
    Idris, I., Selamat, A.: Improved email spam detection model with negative selection algorithm and particle swarm optimization. Appl. Soft Comput. 22, 11–27 (2014)CrossRefGoogle Scholar
  6. 6.
    Kim, J., Bentley, P.J.: An evaluation of negative selection in an artificial immune system for network intrusion detection. In: Proceedings of the Genetic and Evolutionary Computation Conference (GECCO), pp. 1330–1337. Morgan Kaufmann (2001)Google Scholar
  7. 7.
    Mostardinha, P., Faria, B.F., Zúquete, A., Vistulo de Abreu, F.: A negative selection approach to intrusion detection. In: Coello Coello, C.A., Greensmith, J., Krasnogor, N., Liò, P., Nicosia, G., Pavone, M. (eds.) ICARIS 2012. LNCS, vol. 7597, pp. 178–190. Springer, Heidelberg (2012). doi: 10.1007/978-3-642-33757-4_14 CrossRefGoogle Scholar
  8. 8.
    Peng, L., Chen, Y.: Positive selection-inspired anomaly detection model with artificial immune. In: 2014 International Conference on Cyber-Enabled Distributed Computing and Knowledge Discovery (CyberC 2014), Shanghai, China, 13–15 October 2014, pp. 56–59. IEEE Computer Society (2014)Google Scholar
  9. 9.
    Read, M., Andrews, P.S., Timmis, J.: An introduction to artificial immune systems. In: Rozenberg, G., Bäck, T., Kok, J.N. (eds.) Handbook of Natural Computing, pp. 1575–1597. Springer, Heidelberg (2012). doi: 10.1007/978-3-540-92910-9_47 CrossRefGoogle Scholar
  10. 10.
    Sim, K.B., Lee, D.W.: Modeling of positive selection for the development of a computer immune system and a self-recognition algorithm. Int. J. Control Autom. Syst. 1(4), 453–458 (2003)Google Scholar
  11. 11.
    Stibor, T., Mohr, P., Timmis, J., Eckert, C.: Is negative selection appropriate for anomaly detection? In: Proceedings of the ACM SIGEVO Genetic and Evolutionary Computation Conference (GECCO-2005). ACM Press, Washington, D.C. (2005)Google Scholar
  12. 12.
    Stibor, T., Timmis, J., Eckert, C.: On the appropriateness of negative selection defined over hamming shape-space as a network intrusion detection system. In: Proceedings of the Congress on Evolutionary Computation (CEC-2005). IEEE Press, Edinburgh (2005)Google Scholar
  13. 13.
    Zhang, F., Qi, D.: Run-time malware detection based on positive selection. J. Comp. Vir. 7(4), 267–277 (2011)CrossRefGoogle Scholar

Copyright information

© Springer International Publishing AG 2017

Authors and Affiliations

  1. 1.Faculty of Computer ScienceBialystok University of TechnologyBiałystokPoland

Personalised recommendations