Application of Artificial Immune System Algorithms in Anomaly Detection
Anomaly detection is a concept which is widely applied to a number of domains. Anomaly-based intrusion detection system (ABIDS) has the ability to detect previously unknown attacks which are important since new vulnerabilities and attacks are constantly appearing. There are several techniques of anomaly detection techniques which are developed over the years, practically and in research area to observe new attacks on the network systems. This paper proposes the better artificial immune system (AIS) algorithm for anomaly detection. We have taken two datasets; one is the NSL-KDD dataset which purely focuses on intrusion detection (ID) and another Adult dataset which is not meant for ID. Here, we have performed our assessment by using the NSL-KDD dataset which is an altered version of the broadly utilized KDDcup99 dataset. The evaluation for selection of better AIS algorithm is done by several parameters such as accuracy, specificity, False Negative Rate, False discovery Rate, and Negative Predicted Value.
KeywordsAnomaly detection Artificial immune system Intrusion detection system Accuracy Specificity False Negative Rate (FNR) False Discovery Rate (FDR) and Negative Predicted Value (NPV)
- 1.Philippe Esling and Carlos Agon, Time-Series Data Mining, ACM Computing Surveys, Volume 45, No. 1, Article 12 (2012): 1–34.Google Scholar
- 2.Animesh Patcha, Jung-Min Park, “An overview of anomaly detection techniques: Existing solutions and latest technological trends”, Elsevier, Science Direct, Computer Networks, 51, pp. 3448–3470, 2007.Google Scholar
- 3.Mahbod Tavallaee, Ebrahim Bagheri, Wei Lu, and Ali A. Ghorbani: A Detailed Analysis of the KDD CUP 99 Data Set-CISDA 2009.Google Scholar
- 4.KDD Cup 1999 data (https://kdd.ics.uci.edu/databases/kddcup99/kddcup99.html) last visited-05/12/2016.
- 5.UCI Machine Learning Repository – Adult Data Set (https://archive.ics.uci.edu/ml/datasets/Adult).
- 6.Denning DE, Neumann PG. Requirements and model for IDES – a real-time intrusion detection system. Computer Science Laboratory, SRI International; 1985. Technical Report #83F83-01-00.Google Scholar
- 7.Ye N, Emran SM, Chen Q, Vilbert S. Multivariate statistical analysis of audit trails for host-based intrusion detection. IEEE Transactions on Computers 2002; 51(7).Google Scholar
- 8.Detecting hackers (analyzing network traffic) by Poisson model measure. Available from: (http://www.ensc.sfu.ca/people/grad/pwangf/IPSW_report.pdf).
- 9.Estévez-Tapiador JM, García-Teodoro P, Díaz-Verdejo JE. Stochastic protocol modeling for anomaly based network intrusion detection. In: Proceedings of IWIA 2003. IEEE Press, ISBN 0-7695-1886-9; 2003. pp. 3–12.Google Scholar
- 10.Sekar R., Gupta A., Frullo J., Shanbhag T., Tiwari A., Yang H., et al. Specification-based anomaly detection: a new approach for detecting network intrusions. In: Proceedings of the Ninth ACM Conference on Computer and Communications Security; 2002. pp. 265–74.Google Scholar
- 11.Weka: Data Mining Software in Java, (http://www.cs.waikato.ac.nz/~ml/weka/) last visited 02/02/2016.
- 12.Ian H. Witten, Eibe Frank, Mark A. Hall (2011). “Data Mining: Practical machine learning tools and techniques, 3rd Edition”. Morgan Kaufmann, San Francisco. Retrieved 2011-01-19.Google Scholar
- 13.“Antigen”. US National Library of Medicine. Retrieved 2015-07-30.Google Scholar
- 14.Kephart, J. O. (1994). “A biologically inspired immune system for computers”. Proceedings of Artificial Life IV: The Fourth International Workshop on the Synthesis and Simulation of Living Systems. MIT Press. pp. 130–139.Google Scholar