Skip to main content
SpringerLink
Log in

Anomaly Detection Using Real-Valued Negative Selection

  • Published:
Genetic Programming and Evolvable Machines Aims and scope Submit manuscript

Abstract

This paper describes a real-valued representation for the negative selection algorithm and its applications to anomaly detection. In many anomaly detection applications, only positive (normal) samples are available for training purpose. However, conventional classification algorithms need samples for all classes (e.g. normal and abnormal) during the training phase. This approach uses only normal samples to generate abnormal samples, which are used as input to a classification algorithm. This hybrid approach is compared against an anomaly detection technique that uses self-organizing maps to cluster the normal data sets (samples). Experiments are performed with different data sets and some results are reported.

This is a preview of subscription content, log in via an institution to check access.

Access this article

Log in via an institution

Price excludes VAT (USA)
Tax calculation will be finalised during checkout.

Instant access to the full article PDF.

Institutional subscriptions

Similar content being viewed by others

References

  1. M. Ayara, J. Timmis, L. de Lemos, R. de Castro, and R. Duncan, “Negative selection: How to generate detectors, ” in Proceedings of the 1st International Conference on Artificial Immune Systems (ICARIS), J. Timmis and P. J. Bentley (eds.), University of Kent at Canterbury Printing Unit: Canterbury, UK, Sept. 2002, pp. 89-98.

    Google Scholar 

  2. J. Balthrop, F. Esponda, S. Forrest, and M. Glickman, “Coverage and generalization in an artificial immune system, ” in Proceedings of the Genetic and Evolutionary Computation Conference (GECCO), W. B. Langdon, E. CantúPaz, K. Mathias, R. Roy, D. Davis, R. Poli, K. Balakrishnan, V. Honavar, G. Rudolph, J. Wegener, L. Bull, M. A. Potter, A. C. Schultz, J. F. Miller, E. Burke, and N. Jonoska (eds.), Morgan Kaufmann Publishers: San Francisco, CA, 2002, pp. 3-10.

    Google Scholar 

  3. J. Balthrop, S. Forrest, and M. R. Glickman, “Revisting LISYS: Parameters and normal behavior, ” in Proceedings of the 2002 Congress on Evolutionary Computation CEC2002, D. B. Fogel, M. A. El-Sharkawi, X. Yao, G. Greenwood, H. Iba, P. Marrow, and M. Shackleton (eds.), IEEE Press: USA, 2002, pp. 1045-1050.

    Google Scholar 

  4. V. Barnett and T. Lewis, Outliers in Statistical Data, Wiley: New York, 1994.

    Google Scholar 

  5. D. Bradley and A. Tyrrell, “Immunotronics: Novel finite-state-machine architectures with built-in self-test using self-nonself differentiation, ” IEEE Transactions on Evolutionary Computation, vol. 6,no. 3, pp. 227-238, June 2002.

    Article  Google Scholar 

  6. T. Caudell and D. Newman, “An adaptive resonance architecture to define normality and detect novelties in time series and databases, ” in IEEE World Congress on Neural Networks: Portland, OR, 1993, pp. 166-176.

  7. C. A. Coello Coello and N. Cruz Cortés, “An approach to solve multiobjective optimization problems based on an artificial immune system, ” in First International Conference on Artificial Immune Systems (ICARIS), J. Timmis and P. J. Bentley (eds.), University of Kent at Canterbury Printing Unit: Canterbury, UK, 2002, pp. 212-221.

    Google Scholar 

  8. D. Dagupta and F. González, “An immunity-based technique to characterize intrusions in computer networks, ” IEEE Transactions on Evolutionary Computation, vol. 6,no. 3, pp. 281-291, June 2002.

    Article  Google Scholar 

  9. D. Dasgupta, “An overview of artificial immune systems and their applications, ” in Artificial Immune Systems and their Applications, D. Dasgupta (ed.), Springer-Verlag, Inc., 1999, pp. 3-23.

  10. D. Dasgupta and S. Forrest, “Novelty detection in time series data using ideas from immunology, ” in Proceedings of the 5th International Conference on Intelligent Systems, J. F. C. Harris (ed.), ISCA: Cary, NC, June 1996, pp. 82-87.

    Google Scholar 

  11. D. Dasgupta and S. Forrest, “An anomaly detection algorithm inspired by the immune system, ” in Artificial Immune Systems and their Applications, D. Dasgupta (ed.), Springer-Verlag: New York, 1999, pp. 262-277.

    Google Scholar 

  12. D. Dasgupta and N. S. Majumdar, “Anomaly detection in multidimensional data using negative selection algorithm, ” in Proceedings of the 2002 Congress on Evolutionary Computation (CEC2002), D. B. Fogel, M. A. El-Sharkawi, X. Yao, G. Greenwood, H. Iba, P. Marrow, and M. Shackleton (eds.), IEEE Press: USA, 2002, pp. 1039-1044.

    Google Scholar 

  13. L. N. de Castro and J. Timmis, Artificial Immune Systems: A New Computational Approach, Springer-Verlag: London, 2002.

    Google Scholar 

  14. D.E. Denning, “An intrusion-detection model, ” IEEE Transactions on Software Engineering, vol. 13,no. 2, pp. 222-232, 1987.

    Google Scholar 

  15. P. D'haeseleer, S. Forrest, and P. Helman, “An immunological approach to change detection: Algorithms, analysis and implications, ” in Proceedings of the 1996 IEEE Symposium on Computer Security and Privacy, J. McHugh and G. Dinolt (eds.), IEEE Press: USA, 1996, pp. 110-119.

    Google Scholar 

  16. W. Fan, W. Lee, M. Miller, S. Stolfo, and P. Chan, “Using artificial anomalies to detect unknown and known network intrusions, ” in Proceedings of the 1st IEEE International conference on Data Mining, N. Cercone, T. Y. Lin, and X. Wu (eds.), IEEE Computer Society Press: USA, 2001, pp. 123-130.

    Google Scholar 

  17. S. Forrest, A. Perelson, L. Allen, and R. Cherukuri, “Self-nonself discrimination in a computer, ” in Proceedings IEEE Symposium on Research in Security and Privacy, IEEE Computer Society Press: Los Alamitos, CA, 1994, pp. 202-212.

    Google Scholar 

  18. K. Fox, R. Henning, J. Reed, and R. Simonian, “A neural network approach towards intrusion detection, ” in Proc. 13th NIST-NCSC National Computer Security Conference, National Institute of Standards and Technology: Washington, DC, 1990, pp. 125-134.

  19. F. González and D. Dasgupta, “An imunogenetic technique to detect anomalies in network traffic, ” in Proceedings of the Genetic and Evolutionary Computation Conference (GECCO), W. B. Langdon, E. Cantú-Paz, K. Mathias, R. Roy, D. Davis, R. Poli, K. Balakrishnan, V. Honavar, G. Rudolph, J. Wegener, L. Bull, M. A. Potter, A. C. Schultz, J. F. Miller, E. Burke, and N. Jonoska (eds.), Morgan Kaufmann Publishers: San Francisco, CA, 2002, pp. 1081-1088.

    Google Scholar 

  20. F. González, D. Dasgupta, and J. Gomez, “The Effect of binary matching rules in negative selection, ” in Proceedings of the Genetic and Evolutionary Computation Conference, to be published, 2003.

  21. F. González, D. Dasgupta, and R. Kozma, “Combining negative selection and classification techniques for anomaly detection, ” in Proceedings of the 2002 Congress on Evolutionary Computation CEC2002, D. B. Fogel, M. A. El-Sharkawi, X. Yao, G. Greenwood, H. Iba, P. Marrow, and M. Shackleton (eds.), IEEE Press: USA, May 2002, pp. 705-710.

    Google Scholar 

  22. P. Harmer, G. Williams, P. D. Gnusch, and G. Lamont, “An artificial immune system architecture for computer security applications, ” IEEE Transactions on Evolutionary Computation, vol. 6,no. 3, pp. 252-280, 2002.

    Article  Google Scholar 

  23. S. Haykin, Neural Networks: a Comprehensive Foundation, Macmillan: New York, 1994.

    Google Scholar 

  24. S. Hofmeyr and S. Forrest, “Architecture for an artificial immune system, ” Evolutionary Computation, vol. 8,no. 4, pp. 443-473, 2000.

    Article  Google Scholar 

  25. W. Hsu, L. Auvil, W. Pottenger, D. Tcheng, and M. Welge, “Self-organizing systems for knowledge discovery in databases, ” in Proceedings of the International Joint Conference on Neural Networks IJCNN-99, IEEE Press: USA, 1999.

    Google Scholar 

  26. E. Keogh, S. Lonardi, and B. Chiu, “Finding surprising patterns in a time series database in linear time and space, ” in Proceedings of the 8th ACM SIGKDD International Conference on Knowledge Discovery and Data Mining (KDD '02), O. R. Zaïane, R. Goebel, D. Hand, D. Keim, and R. Ng (eds.), ACM Press: USA, 2002, pp. 550-556.

    Google Scholar 

  27. J. O. Kephart, “A biologically inspired immune system for computers, ” in Proceedings of the 4th International Workshop on the Synthesis and Simulation of Living Systems Artificial Life IV, R. A. Brooks, P. Maes (eds.), MIT Press: Cambridge, MA, USA, July 1994, pp. 130-139.

    Google Scholar 

  28. J. Kim and P. Bentley, “An evaluation of negative selection in an artificial immune system for network intrusion detection, ” in Proceedings of the Genetic and Evolutionary Computation Conference (GECCO), L. Spector, E. D. Goodman, A. Wu, W. B. Langdon, H.-M. Voigt, M. Gen, S. Sen, M. Dorigo, S. Pezeshk, M. H. Garzon, and E. Burke (eds.), Morgan Kaufmann: San Francisco, CA, 2001, pp. 1330-1337.

    Google Scholar 

  29. T. Kohonen, “Self-organizing maps, volume 30 of Springer Series in Information Sciences, ” Springer: Berlin, Heidelberg, Second Extended. 1995.

    Google Scholar 

  30. T. Lane, Machine learning techniques for the computer security, PhD Thesis, Purdue University, 2000.

  31. W. Lee and S. Stolfo, “Data mining approaches for intrusion detection, ” in Proceedings of the 7th USENIX Security Symposium, USENIX Association: Berkeley, CA, 1998, pp. 79-94.

    Google Scholar 

  32. M. Mackey and L. Glass, “Oscillation and chaos in physiological control systems, ” Science, vol. 197, pp. 287-289, 1977.

    Google Scholar 

  33. 1999. Darpa intrusion detection evaluation. MIT Lincoln Labs.

  34. P. Murphy and D. Aha, UCI Repository of machine learning databases, 1992.

  35. L. Portnoy, E. Eskin, and S. Stolfo, “Intrusion detection with unlabeled data using clustering, ” in Proceedings of ACM CCS Workshop on Data Mining Applied to Security, ACM Press: USA, 2001.

    Google Scholar 

  36. F. Provost, T. Fawcett, and R. Kohavi, “The case against accuracy estimation for comparing induction algorithms, ” in Proceedings of 15th International Conference on Machine Learning, J. Shavlik (ed.), Morgan Kaufmann: San Francisco, CA, 1998, pp. 445-453.

    Google Scholar 

  37. W. H. Wolberg and O. Mangasarian, “Multisurface method of pattern separation for medical diagnosis applied to breast cytology, ” in Proceedings of the National Academy of Sciences, USA, 1990, vol. 87, pp. 9193-9196.

    Article  MATH  Google Scholar 

Download references

Author information

Authors and Affiliations

  1. Division of Computer Science, The University of Memphis, Memphis, TN, 38152

    Fabio A. González & Dipankar Dasgupta

  2. Departamento de Ingeniería de Sistemas, Universidad Nacional de Colombia, Colombia

    Fabio A. González

Authors
  1. Fabio A. González
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Dipankar Dasgupta
    View author publications

    You can also search for this author in PubMed Google Scholar

Rights and permissions

Reprints and permissions

About this article

Cite this article

González, F.A., Dasgupta, D. Anomaly Detection Using Real-Valued Negative Selection. Genet Program Evolvable Mach 4, 383–403 (2003). https://doi.org/10.1023/A:1026195112518

Download citation

  • Issue Date:

  • DOI: https://doi.org/10.1023/A:1026195112518

Search

Navigation