Binary Tree Based Deterministic Positive Selection Approach to Network Security
Positive selection is one of artificial immune approaches, which finds application in network security. It relies on building detectors for protecting self cells, i.e. positive class objects. Random selection used to find candidates for detectors gives good results if the data is represented in a non-multidimensional space. For a higher dimension many attempts may be needed to find a detector. In an extreme case, the approach may fail due to not building any detector. This paper proposes an improved version of the positive selection approach. Detectors are constructed based on self cells in a deterministic way and they are stored in a binary tree structure. Thanks to this, each cell is protected by at least one detector regardless of the data dimension and size. Results of experiments conducted on network intrusion data (KDD Cup 1999 Data) and other datasets show that the proposed approach produces detectors of similar or better quality in a considerably shorter time compared with the probabilistic version. Furthermore, the number of detectors needed to cover the whole self space can be clearly smaller.
KeywordsArtificial immune system Positive selection Network security Classification Binary tree
This work was supported by the grant S/WI/3/13 of the Polish Ministry of Science and Higher Education. The author would like to thank Andrzej Chmielewski for fruitful discussions on artificial immune systems.
- 1.Aryania, A., Akbari, A., Mohammadi, M., Raahemi, B., Bigdeli, E.: An overlap-aware positive selection algorithm using variable-size detectors. J. Intell. Comp. 5(2), 60–74 (2014)Google Scholar
- 6.Kim, J., Bentley, P.J.: An evaluation of negative selection in an artificial immune system for network intrusion detection. In: Proceedings of the Genetic and Evolutionary Computation Conference (GECCO), pp. 1330–1337. Morgan Kaufmann (2001)Google Scholar
- 7.Mostardinha, P., Faria, B.F., Zúquete, A., Vistulo de Abreu, F.: A negative selection approach to intrusion detection. In: Coello Coello, C.A., Greensmith, J., Krasnogor, N., Liò, P., Nicosia, G., Pavone, M. (eds.) ICARIS 2012. LNCS, vol. 7597, pp. 178–190. Springer, Heidelberg (2012). doi: 10.1007/978-3-642-33757-4_14 CrossRefGoogle Scholar
- 8.Peng, L., Chen, Y.: Positive selection-inspired anomaly detection model with artificial immune. In: 2014 International Conference on Cyber-Enabled Distributed Computing and Knowledge Discovery (CyberC 2014), Shanghai, China, 13–15 October 2014, pp. 56–59. IEEE Computer Society (2014)Google Scholar
- 10.Sim, K.B., Lee, D.W.: Modeling of positive selection for the development of a computer immune system and a self-recognition algorithm. Int. J. Control Autom. Syst. 1(4), 453–458 (2003)Google Scholar
- 11.Stibor, T., Mohr, P., Timmis, J., Eckert, C.: Is negative selection appropriate for anomaly detection? In: Proceedings of the ACM SIGEVO Genetic and Evolutionary Computation Conference (GECCO-2005). ACM Press, Washington, D.C. (2005)Google Scholar
- 12.Stibor, T., Timmis, J., Eckert, C.: On the appropriateness of negative selection defined over hamming shape-space as a network intrusion detection system. In: Proceedings of the Congress on Evolutionary Computation (CEC-2005). IEEE Press, Edinburgh (2005)Google Scholar