Immune system approaches to intrusion detection – a review

Natural Computing

Abstract

The use of artificial immune systems in intrusion detection is an appealing concept for two reasons. First, the human immune system provides the human body with a high level of protection from invading pathogens, in a robust, self-organised and distributed manner. Second, current techniques used in computer security are not able to cope with the dynamic and increasingly complex nature of computer systems and their security. It is hoped that biologically inspired approaches in this area, including the use of immune-based systems, will be able to meet this challenge. Here we review the algorithms used, the development of the systems and the outcome of their implementation. We provide an introduction and analysis of the key developments within this field, in addition to making suggestions for future research.



Acknowledgements

This project is supported by the EPSRC (GR/S47809/01), Hewlett-Packard Labs, Bristol, and the Firestorm intrusion detection system team.

Author information

Corresponding author

Correspondence to Peter J. Bentley.

Appendix

Appendix 1 Glossary and abbreviations of commonly used terms

About this article

Cite this article

Kim, J., Bentley, P.J., Aickelin, U. et al. Immune system approaches to intrusion detection – a review. Nat Comput 6, 413–466 (2007). https://doi.org/10.1007/s11047-006-9026-4


  • DOI: https://doi.org/10.1007/s11047-006-9026-4
