Abstract
This paper describes a real-valued representation for the negative selection algorithm and its applications to anomaly detection. In many anomaly detection applications, only positive (normal) samples are available for training purpose. However, conventional classification algorithms need samples for all classes (e.g. normal and abnormal) during the training phase. This approach uses only normal samples to generate abnormal samples, which are used as input to a classification algorithm. This hybrid approach is compared against an anomaly detection technique that uses self-organizing maps to cluster the normal data sets (samples). Experiments are performed with different data sets and some results are reported.
Similar content being viewed by others
References
M. Ayara, J. Timmis, L. de Lemos, R. de Castro, and R. Duncan, “Negative selection: How to generate detectors, ” in Proceedings of the 1st International Conference on Artificial Immune Systems (ICARIS), J. Timmis and P. J. Bentley (eds.), University of Kent at Canterbury Printing Unit: Canterbury, UK, Sept. 2002, pp. 89-98.
J. Balthrop, F. Esponda, S. Forrest, and M. Glickman, “Coverage and generalization in an artificial immune system, ” in Proceedings of the Genetic and Evolutionary Computation Conference (GECCO), W. B. Langdon, E. CantúPaz, K. Mathias, R. Roy, D. Davis, R. Poli, K. Balakrishnan, V. Honavar, G. Rudolph, J. Wegener, L. Bull, M. A. Potter, A. C. Schultz, J. F. Miller, E. Burke, and N. Jonoska (eds.), Morgan Kaufmann Publishers: San Francisco, CA, 2002, pp. 3-10.
J. Balthrop, S. Forrest, and M. R. Glickman, “Revisting LISYS: Parameters and normal behavior, ” in Proceedings of the 2002 Congress on Evolutionary Computation CEC2002, D. B. Fogel, M. A. El-Sharkawi, X. Yao, G. Greenwood, H. Iba, P. Marrow, and M. Shackleton (eds.), IEEE Press: USA, 2002, pp. 1045-1050.
V. Barnett and T. Lewis, Outliers in Statistical Data, Wiley: New York, 1994.
D. Bradley and A. Tyrrell, “Immunotronics: Novel finite-state-machine architectures with built-in self-test using self-nonself differentiation, ” IEEE Transactions on Evolutionary Computation, vol. 6,no. 3, pp. 227-238, June 2002.
T. Caudell and D. Newman, “An adaptive resonance architecture to define normality and detect novelties in time series and databases, ” in IEEE World Congress on Neural Networks: Portland, OR, 1993, pp. 166-176.
C. A. Coello Coello and N. Cruz Cortés, “An approach to solve multiobjective optimization problems based on an artificial immune system, ” in First International Conference on Artificial Immune Systems (ICARIS), J. Timmis and P. J. Bentley (eds.), University of Kent at Canterbury Printing Unit: Canterbury, UK, 2002, pp. 212-221.
D. Dagupta and F. González, “An immunity-based technique to characterize intrusions in computer networks, ” IEEE Transactions on Evolutionary Computation, vol. 6,no. 3, pp. 281-291, June 2002.
D. Dasgupta, “An overview of artificial immune systems and their applications, ” in Artificial Immune Systems and their Applications, D. Dasgupta (ed.), Springer-Verlag, Inc., 1999, pp. 3-23.
D. Dasgupta and S. Forrest, “Novelty detection in time series data using ideas from immunology, ” in Proceedings of the 5th International Conference on Intelligent Systems, J. F. C. Harris (ed.), ISCA: Cary, NC, June 1996, pp. 82-87.
D. Dasgupta and S. Forrest, “An anomaly detection algorithm inspired by the immune system, ” in Artificial Immune Systems and their Applications, D. Dasgupta (ed.), Springer-Verlag: New York, 1999, pp. 262-277.
D. Dasgupta and N. S. Majumdar, “Anomaly detection in multidimensional data using negative selection algorithm, ” in Proceedings of the 2002 Congress on Evolutionary Computation (CEC2002), D. B. Fogel, M. A. El-Sharkawi, X. Yao, G. Greenwood, H. Iba, P. Marrow, and M. Shackleton (eds.), IEEE Press: USA, 2002, pp. 1039-1044.
L. N. de Castro and J. Timmis, Artificial Immune Systems: A New Computational Approach, Springer-Verlag: London, 2002.
D.E. Denning, “An intrusion-detection model, ” IEEE Transactions on Software Engineering, vol. 13,no. 2, pp. 222-232, 1987.
P. D'haeseleer, S. Forrest, and P. Helman, “An immunological approach to change detection: Algorithms, analysis and implications, ” in Proceedings of the 1996 IEEE Symposium on Computer Security and Privacy, J. McHugh and G. Dinolt (eds.), IEEE Press: USA, 1996, pp. 110-119.
W. Fan, W. Lee, M. Miller, S. Stolfo, and P. Chan, “Using artificial anomalies to detect unknown and known network intrusions, ” in Proceedings of the 1st IEEE International conference on Data Mining, N. Cercone, T. Y. Lin, and X. Wu (eds.), IEEE Computer Society Press: USA, 2001, pp. 123-130.
S. Forrest, A. Perelson, L. Allen, and R. Cherukuri, “Self-nonself discrimination in a computer, ” in Proceedings IEEE Symposium on Research in Security and Privacy, IEEE Computer Society Press: Los Alamitos, CA, 1994, pp. 202-212.
K. Fox, R. Henning, J. Reed, and R. Simonian, “A neural network approach towards intrusion detection, ” in Proc. 13th NIST-NCSC National Computer Security Conference, National Institute of Standards and Technology: Washington, DC, 1990, pp. 125-134.
F. González and D. Dasgupta, “An imunogenetic technique to detect anomalies in network traffic, ” in Proceedings of the Genetic and Evolutionary Computation Conference (GECCO), W. B. Langdon, E. Cantú-Paz, K. Mathias, R. Roy, D. Davis, R. Poli, K. Balakrishnan, V. Honavar, G. Rudolph, J. Wegener, L. Bull, M. A. Potter, A. C. Schultz, J. F. Miller, E. Burke, and N. Jonoska (eds.), Morgan Kaufmann Publishers: San Francisco, CA, 2002, pp. 1081-1088.
F. González, D. Dasgupta, and J. Gomez, “The Effect of binary matching rules in negative selection, ” in Proceedings of the Genetic and Evolutionary Computation Conference, to be published, 2003.
F. González, D. Dasgupta, and R. Kozma, “Combining negative selection and classification techniques for anomaly detection, ” in Proceedings of the 2002 Congress on Evolutionary Computation CEC2002, D. B. Fogel, M. A. El-Sharkawi, X. Yao, G. Greenwood, H. Iba, P. Marrow, and M. Shackleton (eds.), IEEE Press: USA, May 2002, pp. 705-710.
P. Harmer, G. Williams, P. D. Gnusch, and G. Lamont, “An artificial immune system architecture for computer security applications, ” IEEE Transactions on Evolutionary Computation, vol. 6,no. 3, pp. 252-280, 2002.
S. Haykin, Neural Networks: a Comprehensive Foundation, Macmillan: New York, 1994.
S. Hofmeyr and S. Forrest, “Architecture for an artificial immune system, ” Evolutionary Computation, vol. 8,no. 4, pp. 443-473, 2000.
W. Hsu, L. Auvil, W. Pottenger, D. Tcheng, and M. Welge, “Self-organizing systems for knowledge discovery in databases, ” in Proceedings of the International Joint Conference on Neural Networks IJCNN-99, IEEE Press: USA, 1999.
E. Keogh, S. Lonardi, and B. Chiu, “Finding surprising patterns in a time series database in linear time and space, ” in Proceedings of the 8th ACM SIGKDD International Conference on Knowledge Discovery and Data Mining (KDD '02), O. R. Zaïane, R. Goebel, D. Hand, D. Keim, and R. Ng (eds.), ACM Press: USA, 2002, pp. 550-556.
J. O. Kephart, “A biologically inspired immune system for computers, ” in Proceedings of the 4th International Workshop on the Synthesis and Simulation of Living Systems Artificial Life IV, R. A. Brooks, P. Maes (eds.), MIT Press: Cambridge, MA, USA, July 1994, pp. 130-139.
J. Kim and P. Bentley, “An evaluation of negative selection in an artificial immune system for network intrusion detection, ” in Proceedings of the Genetic and Evolutionary Computation Conference (GECCO), L. Spector, E. D. Goodman, A. Wu, W. B. Langdon, H.-M. Voigt, M. Gen, S. Sen, M. Dorigo, S. Pezeshk, M. H. Garzon, and E. Burke (eds.), Morgan Kaufmann: San Francisco, CA, 2001, pp. 1330-1337.
T. Kohonen, “Self-organizing maps, volume 30 of Springer Series in Information Sciences, ” Springer: Berlin, Heidelberg, Second Extended. 1995.
T. Lane, Machine learning techniques for the computer security, PhD Thesis, Purdue University, 2000.
W. Lee and S. Stolfo, “Data mining approaches for intrusion detection, ” in Proceedings of the 7th USENIX Security Symposium, USENIX Association: Berkeley, CA, 1998, pp. 79-94.
M. Mackey and L. Glass, “Oscillation and chaos in physiological control systems, ” Science, vol. 197, pp. 287-289, 1977.
1999. Darpa intrusion detection evaluation. MIT Lincoln Labs.
P. Murphy and D. Aha, UCI Repository of machine learning databases, 1992.
L. Portnoy, E. Eskin, and S. Stolfo, “Intrusion detection with unlabeled data using clustering, ” in Proceedings of ACM CCS Workshop on Data Mining Applied to Security, ACM Press: USA, 2001.
F. Provost, T. Fawcett, and R. Kohavi, “The case against accuracy estimation for comparing induction algorithms, ” in Proceedings of 15th International Conference on Machine Learning, J. Shavlik (ed.), Morgan Kaufmann: San Francisco, CA, 1998, pp. 445-453.
W. H. Wolberg and O. Mangasarian, “Multisurface method of pattern separation for medical diagnosis applied to breast cytology, ” in Proceedings of the National Academy of Sciences, USA, 1990, vol. 87, pp. 9193-9196.
Author information
Authors and Affiliations
Rights and permissions
About this article
Cite this article
González, F.A., Dasgupta, D. Anomaly Detection Using Real-Valued Negative Selection. Genet Program Evolvable Mach 4, 383–403 (2003). https://doi.org/10.1023/A:1026195112518
Issue Date:
DOI: https://doi.org/10.1023/A:1026195112518