Abstract
The “Dendritic Cell Algorithm” (DCA) is inspired by the function of the dendritic cells of the human immune system. In nature, dendritic cells are the intrusion detection agents of the human body, policing the tissue and organs for potential invaders in the form of pathogens. In this research, an abstract model of dendritic cell (DC) behavior is developed and subsequently used to form an algorithm—the DCA. The abstraction process was facilitated through close collaboration with laboratory-based immunologists, who performed bespoke experiments, the results of which are used as an integral part of this algorithm. The DCA is a population-based algorithm, with each agent in the system represented as an “artificial DC”. Each DC has the ability to combine multiple data streams and can add context to data suspected as anomalous. In this chapter, the abstraction process and details of the resultant algorithm are given. The algorithm is applied to numerous intrusion detection problems in computer security including the detection of port scans and botnets, where it has produced impressive results with relatively low rates of false positives.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Preview
Unable to display preview. Download preview PDF.
References
Aickelin, U., Bentley, P., Cayzer, S., Kim, J., and McLeod, J. (2003). Danger theory: The link between AIS and IDS. In Proceedings of the 2nd International Conference on Artificial Immune Systems (ICARIS’03), LNCS 2787, pages 147–155. Springer, Berlin, Heidelberg.
Aickelin, U., Greensmith, J., and Twycross, J. (2004). Immune system approaches to intrusion detection–a review. In Proceedings of the 3rd International Conference on Artificial Immune Systems (ICARIS), LNCS 3239, pages 316–329. Springer, Berlin, Heidelberg.
Bakos, G. and Berk, V. (2002). Early detection of internet worm activity by metering ICMP destination unreachable messages. In Proceedings of the SPIE Conference on Sensors, and Command, Control, Communications, and Intelligence (C3I) Technologies for Homeland Defense and Law Enforcement (SPIE Vol. 4708), pages 33–42, Orlando, Florida, April.
Balthrop, J., Esponda, F., Forrest, S., and Glickman, M. (2002). Coverage and generaliszation in an artificial immune system. In Proceedings of the Genetic and Evolutionary Computation Conference (GECCO’02), pages 3–10, New York, 9–13 July. Morgan Kaufmann Publishers.
Coico, R., Sunshine, G., and Benjamini, E. (2003). Immunology: A Short Course. Wiley-Liss, New York.
de Castro, L. and Timmis, J. (2002). Artificial Immune Systems: A New Computational Approach. Springer-Verlag, London.
Edinger, A. and Thompson, C. (2004). Death by design: apoptosis, necrosis and autophagy. Current Opinion in Cell Biology, 16(6):663–669.
Forrest, S., Perelson, A., Allen, L., and Cherukuri, R. (1994). Self-nonself discrimination in a computer. In Proceedings of the IEEE Symposium on Security and Privacy, pages 202–209, Oakland, California, 16–18 May. IEEE Computer Society, Washington, DC.
Gallucci, S., Lolkema, M., and Matzinger, P. (1999). Natural adjuvants: endogenous activators of dendritic cells. Nature Medicine, 5(11):1249–1255.
Greensmith, J. (2007). The Dendritic Cell Algorithm. PhD thesis, School of Computer Science, University of Nottingham.
Greensmith, J. and Aickelin, U. (2007). Dendritic cells for SYN scan detection. In Proceedings of the 9th Annual Conference on Genetic and Evolutionary Computation (GECCO’07), pages 49–56, London, England, UK, 7–11 July. ACM, New York.
Greensmith, J., Aickelin, U., and Cayzer, S. (2005). Introducing dendritic cells as a novel immune-inspired algorithm for anomaly detection. In Proceedings of the 4th International Conference on Artificial Immune Systems (ICARIS’05), LNCS 3627, pages 153–167. Springer, Berlin, Heidelberg.
Greensmith, J., Aickelin, U., and Tedesco, G. (2008). Information Fusion for Anomaly Detection with the DCA. Journal of Information Fusion. In print.
Greensmith, J., Aickelin, U., and Twycross, J. (2006). Articulation and clarification of the dendritic cell algorithm. In Proceedings of the 5th International Conference on Artificial Immune Systems (ICARIS’06), LNCS 4163, pages 404–417. Springer Berlin, Heidelberg.
Janeway, C. (1989). Approaching the asymptote? Evolution and revolution in immunology. Cold Spring Harbor Symposia on Quantitative Biology, 54:1–13.
Janeway, C. (2004). Immunobiology. Garland Science Publishing, New York, 4th edition.
Kim, J., Bentley, P., Wallenta, C., Ahmed, M., and Hailes, S. (2006). Danger is ubiquitous: detecting malicious activities in sensor networks using the dendritic cell algorithm. In Proceedings of the 5th International Conference on Artificial Immune Systems (ICARIS’06), LNCS 4163, pages 390–403. Springer, Berlin, Heidelberg.
Lutz, M. and Schuler, G. (2002). Immature, semi-mature and fully mature dendritic cells: which signals induce tolerance or immunity? Trends in Immunology, 23(9):991–1045.
Mahnke, K., Johnson, T., Ring, S., and Enk, A. (2007). Tolerogenic dendritic cells and regulatory T-cells: a two-way relationship. Journal of Dermatologic Science, 46(3):159–167.
Matzinger, P. (1994). Tolerance, danger and the extended family. Annual Reviews in Immunology, 12:991–1045.
Matzinger, P. (2007). Friendly and dangerous signals: is the tissue in control? Nature Immunology, 8(1):11–13.
Medzhitov, R. and Janeway, C. (2002). Decoding the patterns of self and nonself by the innate immune system. Science, 296:298–300.
Mosmann, T. and Livingstone, A. (2004). Dendritic cells: the immune information management experts. Nature Immunology, 5(6):564–566.
Oates, R., Greensmith, J., Aickelin, U., Garibaldi, J., and Kendall, G. (2007). The application of a dendritic cell algorithm to a robotic classifier. In Proceedings of the 6th International Conference on Artificial Immune Systems (ICARIS’07), LNCS 4628, pages 204–215. Springer, Berlin, Heidelberg.
Silverstein, A. (2005). Paul Ehrlich, archives and the history of immunology. Nature Immunology, 6(7):639–639.
Sporri, R. and Caetano, C. (2005). Inflammatory mediators are insufficient for full dendritic cell activation and promote expansion of CD4+ T cell populations lacking helper function. Nature Immunology, 6(2):163–170.
Twycross, J. (2007). Integrated Innate and Adaptive Artificial Immune Systems Applied to Process Anomaly Detection. PhD thesis, University of Nottingham.
Twycross, J. and Aickelin, U. (2008). Information fusion in the immune system. Journal of Information Fusion, In print.
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2008 Springer-Verlag London Limited
About this chapter
Cite this chapter
Greensmith, J., Aickelin, U., Cayzer, S. (2008). Detecting Danger: The Dendritic Cell Algorithm. In: Schuster, A. (eds) Robust Intelligent Systems. Springer, London. https://doi.org/10.1007/978-1-84800-261-6_5
Download citation
DOI: https://doi.org/10.1007/978-1-84800-261-6_5
Publisher Name: Springer, London
Print ISBN: 978-1-84800-260-9
Online ISBN: 978-1-84800-261-6
eBook Packages: Computer ScienceComputer Science (R0)