Abstract
The paper presents an approach based on the principles of immune systems applied to the anomaly detection problem. Flexibility and efficiency of the anomaly detection system are achieved by building a model of the network behavior based on the self–nonself space paradigm. Covering both self and nonself spaces by hyperrectangular structures is proposed. The structures corresponding to self-space are built using a training set from this space. The hyperrectangular detectors covering nonself space are created using a niching genetic algorithm. A coevolutionary algorithm is proposed to enhance this process. The results of experiments show a high quality of intrusion detection, which outperforms that of the recently proposed approach based on a hypersphere representation of the self-space.
Cite this article
Ostaszewski, M., Seredynski, F. & Bouvry, P. Coevolutionary-based Mechanisms for Network Anomaly Detection. J Math Model Algor 6, 411–431 (2007). https://doi.org/10.1007/s10852-007-9061-x
DOI: https://doi.org/10.1007/s10852-007-9061-x
Key words
- artificial immune systems
- anomaly detection problem
- self–nonself space paradigm
- hyperrectangular detectors
- coevolutionary algorithms
- computer networks