Keywords

Introduction

Over the last decade, a new theory has become popular amongst immunologists. It is called the Danger Theory, and its chief advocate is Matzinger [13]. A variety of contextual clues may be essential for a meaningful danger signal, and immunological studies will provide a framework of ideas as to how ‘danger’ is assessed in the HIS. The danger signals should show up after limited attack to minimize damage and therefore have to be quickly and automatically measurable. Once the danger signal has been transmitted, the artificial immune systems (AIS) should react to those artificial antigens that are ‘near’ the emitter of the danger signal. A number of advantages are claimed for this theory; not least that it provides a method of ‘grounding’ the immune response. The theory is not complete, and there are some doubts about how much it actually changes behavior and or structure. Nevertheless, the theory contains enough potentially interesting ideas to make it worth assessing its relevance to AIS. Few other AIS practitioners are aware of the Danger Theory, notable exceptions being Burgess [4] and Willamson [5]. Hence, this deals directly with the Danger Theory. In the next section, we provide an overview of the Danger Theory, pointing out, where appropriate, some analogies in current AIS models. We then discuss about anomaly detection for AIS.

Danger Theory

The AIS are computational systems designed on the principles of natural Immune System (IS), which is highly distributed, adaptive and diverse system [6]. Danger Theory is presented with particular emphasis on analogies in the Artificial Immune Systems world [7, 8]. The idea is that the artificial cells release signals describing their status, e.g., safe signals and danger signals. The immune system is commonly thought to work at three levels: External barriers (skin, mucus), innate immunity, and the acquired or adaptive immune system. As part of the third and most complex level, B Lymphocytes secrete specific antibodies that recognize and react to stimuli. It is this pattern matching between antibodies and antigens that lie at the heart of most Artificial Immune System implementations. Another type of cell, the T (killer) lymphocyte, is also important in different types of immune reactions. Although not usually present in AIS models, the behavior of this cell is implicated in the Danger model and so it is included here. From the AIS practitioner’s point of view, the T killer cells match stimuli in much the same way as antibodies do. It is fundamental that only the ‘correct’ cells are matched as otherwise this could lead to a self-destructive autoimmune reaction. Classical immunology [9] stipulates that an immune response is triggered when the body encounters something non-self or foreign. It is not yet fully understood how this self-non-self discrimination is achieved, but many immunologists believe that the difference between them is learnt early in life. In particular it is thought that the maturation process plays an important role to achieve self-tolerance by eliminating those T and B cells that react to self. In addition, a ‘confirmation’ signal is required; that is, for either B cell or T (killer) cell activation, a T (helper) lymphocyte must also be activated. Matzinger’s Danger Theory debates this point of view (for a good introduction, see Matzinger [1]). Technical overviews can be found in Matzinger [2] and Matzinger [3]. Danger Theory clearly has many facets and intricacies, and we have touched on only a few. It might be instructive to list a number of considerations for an Artificial Immune System practitioner regarding the suitability of the danger model for their application. The basic consideration is whether negative selection is important. If so, then these points may be relevant:

  • Negative selection is bound to be imperfect, and therefore auto-reactions (false positives) are inevitable.

  • The self-/non-self boundary is blurred since self- and non-self antigens often share common regions.

  • Self changes over time. Therefore, one can expect problems with memory cells, which later turn out to be inaccurate or even auto-reactive.

If these points are sufficient to make a practitioner consider incorporating the Danger Theory into their model, then the following considerations may be instructive:

  1. 1.

    A danger model requires an antigen-presenting cell, which can present an appropriate danger signal.

  2. 2.

    ‘Danger’ is an emotive term. The signal may have nothing to do with danger

  3. 3.

    The appropriate danger signal can be positive (presence of signal) or negative (absence).

  4. 4.

    The danger zone in biology is spatial. In Artificial Immune System applications, some other measure of proximity (for instance temporal) may be used.

  5. 5.

    If there is an analogue of an immune response, it should not lead to further danger signals. In biology, killer cells cause a normal cell death, not danger.

  6. 6.

    Matzinger proposes priming killer cells via antigen presenting cells for greater effect. Depending on the immune system used (it only makes sense for spatially distributed models) this proposal may be relevant.

  7. 7.

    There are a variety of considerations that are less directly related to the danger model. For example, migration—how many antibodies receive signal one/two from a given antigen-presenting cell? In addition, the Danger Theory relies on concentrations, i.e., continuous not binary matching.

This theory is borne out of the observation that there is no need to attack everything that is foreign, something that seems to be supported by the counter examples above. In this theory, danger is measured by damage to cells indicated by distress signals that are sent out when cells die an unnatural death (cell stress or lytic cell death, as opposed to programmed cell death, or apoptosis). Figure 1 depicts how we might picture an immune response according to the Danger Theory. A cell that is in distress sends out an alarm signal, whereupon antigens in the neighborhood are captured by antigen-presenting cells such as macrophages, which then travel to the local lymph node and present the antigens to lymphocytes. Essentially, the danger signal establishes a danger zone around itself. Thus, B cells producing antibodies that match antigens within the danger zone get stimulated and undergo the clonal expansion process. Those that do not match or are too far away do not get stimulated.

Fig. 1
figure 1

Danger theory model

Full size image

Another way of looking at the danger model is to see it as an extension of the Two-signal model by Bretscher and Cohn [10]. In this model, the two signals are antigen recognition (signal one) and co-stimulation (signal two).

Co-stimulation is a signal that means “this antigen really is foreign” or, in the Danger Theory, “this antigen really is dangerous”. How the signal arises will be explained later. The Danger Theory then operates by applying three laws to lymphocyte behavior (the laws of lymphotics [11]):

Law 1. Become activated if you receive signals one and two together. Die if you receive signal one in the absence of signal two. Ignore signal two without signal one.

Law 2. Accept signal two from antigen-presenting cells only (or, for B cells, from T helper cells). B cells can act as antigen-presenting cells only for experienced (memory) T cells. Note that signal one can come from any cells, not just antigen-presenting cells.

Law 3. After activation (activated cells do not need signal two) revert to resting state after a short time.

For the mature lymphocyte, (whether virgin or experienced) these rules are adhered to. However, there are two exceptions in the lymphocyte lifecycle. First, immature cells are unable to accept signal two from any source. This enables an initial negative selection screening to occur. Second, activated (effector) cells respond only to signal one (ignoring signal two), but revert to the resting state shortly afterwards.

The Danger Theory and Some Affinity to AIS

Danger Theory clearly has many features and dilemmas, and we have touched on only a few. It might be instructive to list a number of considerations for an Artificial Immune System practitioner regarding the suitability of the danger model for their application. The basic consideration is whether negative selection is important. If so, then these points may be relevant:

  • The self-/non-self boundary is blurred since self- and non-self antigens often share common regions.

  • Self changes over time. Therefore, one can expect problems with memory cells, which later turn out to be inaccurate or even auto reactive.

  • Negative selection is bound to be imperfect, and therefore auto reactions (false positives) are inevitable.

If these points are sufficient to make a practitioner consider incorporating the Danger Theory into their model, then the following considerations may be instructive:

  1. 1.

    A danger model requires an antigen-presenting cell, which can present an appropriate danger signal.

  2. 2.

    ‘Danger’ is an emotive term. The signal may have nothing to do with danger.

  3. 3.

    The appropriate danger signal can be positive (presence of signal) or negative (absence).

  4. 4.

    The danger zone in biology is spatial. In AIS applications, some other measure of proximity (for instance temporal) may be used.

  5. 5.

    If there is an analogue of an immune response, it should not lead to further danger signals. In biology, killer cells cause a normal cell death, not danger.

  6. 6.

    Matzinger proposes priming killer cells via antigen presenting cells for greater effect.

Depending on the immune system used (it only makes sense for spatially distributed models) this proposal may be relevant.

The Danger Theory and Anomaly Detection

In anomaly detection we watch not for a known intrusion—a signal—but rather for abnormalities in the traffic; we assume that something abnormal is probably suspicious. The construction of such a detector starts by forming an opinion on what constitutes normal for the observed subject (which can be a computer system, a particular user etc.), and then deciding on what percentage of the activity to flag as abnormal and how to make this particular decision (Fig. 2). This detection principle flags behavior that is unlikely to originate from the normal process, without needing actual intrusion scenarios [12].

Fig. 2
figure 2

A typical anomaly detection system

Full size image

In this section we will present indicative examples of such artificial systems, explain their current shortcomings, and show how the Danger Theory might help overcome some of these.

One of the first such approaches is presented by Forrest et al. [13] and extended by Hofmeyr and Forrest [15]. This work is concerned with building an AIS that is able to detect non-self in the area of network security where non-self is defined as an undesired connection. All connections are modeled as binary strings and there is a set of known good and bad connections, which is used to train and evaluate the algorithm. To build the AIS, random binary strings are created called detectors. These detectors then undergo a maturation phase where they are presented with good, i.e., self, connections. If they match any of these they are eliminated otherwise they become mature, but not activated. If during their further lifetime these mature detectors match anything else, exceeding a certain threshold value, they become activated. This is then reported to a human operator who decides whether there is a true anomaly. If so the detectors are promoted to memory detectors with an indefinite life span and minimum activation threshold. Thus, this is similar to the secondary response in the natural immune system, for instance after immunization.

An approach such as the above is known in AIS as negative selection as only those detectors (antibodies) that do not match live on. It is thought that T cells mature in similar fashion in the thymus such that only those survive and mature that does not match any self cells after a certain amount of time.

An alternative approach to negative selection is that of positive selection as used for instance by Forrest et al. [14] and by Somayaji and Forrest [16]. These systems are a reversal of the negative selection algorithm described above with the difference that detectors for self are evolved. From a performance point of view there are advantages and disadvantages for both methods. A suspect non-self string would have to be compared with all self-detectors to establish that it is non-self, whilst with negative selection the first matching detector would stop the comparison. On the other hand, for a self-string this is reversed giving positive selection the upper hand. Thus, performance depends on the self to non-self ratio, which should generally favor positive selection.

However, there is another difference between the two approaches: the nature of false alarms. With negative selection inadequate detectors will result in false negatives (missed intrusions) whilst with positive selection there will be false positives (false alarms). The preference between the two in this case is likely to be problem specific.

What could such danger signals be? They should show up after limited infection to minimize damage and hence have to be quickly and automatically measurable. Suitable signals could include:

  • Too low or too high memory usage.

  • Inappropriate disk activity.

  • Unexpected frequency of file changes as measured for example by checksums or file size.

  • SIGABRT signal from abnormally terminated UNIX processes.

  • Presence of non-self.

Of course, it would also be possible to use ‘positive’ signals, as discussed in the previous section, such as the absence of some normal ‘health’ signals.

Consequently, those antibodies or detectors that match (first signal) those antigens within a radius, defined by a measure such as the above (second signal), will proliferate. Having thereby identified the dangerous components, further confirmation could then be sought by sending it to a special part of the system simulating another attack. This would have the further advantage of not having to send all detectors to confirm danger. In conclusion, using these ideas from the Danger Theory has provided a better grounding of danger labels in comparison to self/non-self, whilst at the same time relying less on human competence.

Conclusion

To conclude, the Danger Theory is not about the way AIS represent data. Instead, it provides ideas about which data the AIS should represent and deal with. They should focus on dangerous, i.e., interesting data.

It could be argued that the shift from non-self to danger is merely a symbolic label change that achieves nothing. We do not believe this to be the case, since danger is a grounded signal, and non-self is (typically) a set of feature vectors with no further information about their meaning.

The danger signal helps us to identify which subset of feature vectors is of interest. A suitably defined danger signal thus overcomes many of the limitations of self–non-self selection. It restricts the domain of non-self to a manageable size, removes the need to screen against all self, and deals adaptively with scenarios where self (or non-self) changes over time.

The challenge is clearly to define a suitable danger signal, a choice that might prove as critical as the choice of fitness function for an evolutionary algorithm. In addition, the physical distance in the biological system should be translated into a suitable proxy measure for similarity or causality in an AIS. We have made some suggestions in this paper about how to tackle these challenges in a variety of domains, but the process is not likely to be trivial. Nevertheless, if these challenges are met, then future AIS applications might derive considerable benefit, and new insights, from the Danger Theory.