With theincreasing worldwide network attacks, intrusion detection (ID) hasbecome a popularresearch topic inlast decade.Several artificial intelligence techniques such as neural networks and fuzzy logichave been applie...With theincreasing worldwide network attacks, intrusion detection (ID) hasbecome a popularresearch topic inlast decade.Several artificial intelligence techniques such as neural networks and fuzzy logichave been applied in ID. The results are varied. Theintrusion detection accuracy is themain focus for intrusion detection systems (IDS). Most research activities in the area aiming to improve the ID accuracy. In this paper, anartificial immune system (AIS) based network intrusion detection scheme is proposed. An optimized feature selection using Rough Set (RS) theory is defined. The complexity issue is addressed in the design of the algorithms. The scheme is tested on the widely used KDD CUP 99 dataset. The result shows that theproposed scheme outperforms other schemes in detection accuracy.展开更多
In order to increase intrusion detection rate and decrease false positive detection rate,a novel intrusion detection algorithm based on rough set and artificial immune( RSAI-IDA) is proposed.Using artificial immune in...In order to increase intrusion detection rate and decrease false positive detection rate,a novel intrusion detection algorithm based on rough set and artificial immune( RSAI-IDA) is proposed.Using artificial immune in intrusion detection,anomaly actions are detected adaptively,and with rough set,effective antibodies can be obtained. A scheme,in which antibodies are partly generated randomly and others are from the artificial immune algorithm,is applied to ensure the antibodies diversity. Finally,simulations of RSAI-IDA and comparisons with other algorithms are given. The experimental results illustrate that the novel algorithm achieves more effective performances on anomaly intrusion detection,where the algorithm's time complexity decreases,the true positive detection rate increases,and the false positive detection rate is decreased.展开更多
Inspired by the immune theory and multi-agent systems, an immune multi-agent active defense model for network intrusion is established. The concept of immune agent is introduced, and its running mechanism is establish...Inspired by the immune theory and multi-agent systems, an immune multi-agent active defense model for network intrusion is established. The concept of immune agent is introduced, and its running mechanism is established. The method, which uses antibody concentration to quantitatively describe the degree of intrusion danger, is presented. This model implements the multi-layer and distributed active defense mechanism for network intrusion. The experiment results show that this model is a good solution to the network security defense.展开更多
A new network intrusion detection model based on immune multi-agent theory is established and the concept of multi-agents is advanced to realize the logical structure and running mechanism of immune multi-agent as wel...A new network intrusion detection model based on immune multi-agent theory is established and the concept of multi-agents is advanced to realize the logical structure and running mechanism of immune multi-agent as well as multi-level and distributed detection mechanism against network intrusion, using the adaptability, diversity and memory properties of artificial immune algorithm and combing the robustness and distributed character of multi-agents system structure. The experiment results conclude that this system is working pretty well in network security detection.展开更多
An abstraction and an investigation to the worth of dendritic cells (DCs) ability to collect, process and present antigens are presented. Computationally, this ability is shown to provide a feature reduction mechanism...An abstraction and an investigation to the worth of dendritic cells (DCs) ability to collect, process and present antigens are presented. Computationally, this ability is shown to provide a feature reduction mechanism that could be used to reduce the complexity of a search space, a mechanism for development of highly specialized detector sets as well as a selective mechanism used in directing subsets of detectors to be activated when certain danger signals are present. It is shown that DCs, primed by different danger signals, provide a basis for different anomaly detection pathways. Different antigen-peptides are developed based on different danger signals present, and these peptides are presented to different adaptive layer detectors that correspond to the given danger signal. Experiments are then undertaken that compare current approaches, where a full antigen structure and the whole repertoire of detectors are used, with the proposed approach. Experiment results indicate that such an approach is feasible and can help reduce the complexity of the problem by significant levels. It also improves the efficiency of the system, given that only a subset of detectors are involved during the detection process. Having several different sets of detectors increases the robustness of the resulting system. Detectors developed based on peptides are also highly discriminative, which reduces the false positives rates, making the approach feasible for a real time environment.展开更多
An artificial immunity based multimodal evolution algorithm is developed to generate detectors with variable coverage for multidimensional intrusion detection. In this algorithm, a proper fitness function is used to d...An artificial immunity based multimodal evolution algorithm is developed to generate detectors with variable coverage for multidimensional intrusion detection. In this algorithm, a proper fitness function is used to drive the detectors to fill in those detection holes close to self set or among self spheres, and genetic algorithm is adopted to reduce the negative effects that different distribution of self imposes on the detector generating process. The validity of the algorithm is tested with spherical and rectangular detectors, respectively, and experiments performed on two real data sets (machine learning database and DAPRA99) indicate that the proposed algorithm can obtain good results on spherical detectors, and that its performances in detection rate, false alarm rate, stabih'ty, time cost, and adaptability to incomplete training set on spherical detectors are all better than on rectangular ones.展开更多
This paper briefly reviews other people’s works on negative selection algorithm and their shortcomings. With a view to the real problem to be solved, authors bring forward two assumptions, based on which a new immune...This paper briefly reviews other people’s works on negative selection algorithm and their shortcomings. With a view to the real problem to be solved, authors bring forward two assumptions, based on which a new immune algorithm, multi-level negative selection algorithm, is developed. In essence, compared with Forrest’s negative selection algorithm, it enhances detector generation efficiency. This algorithm integrates clonal selection process into negative selection process for the first time. After careful analyses, this algorithm was applied to network intrusion detection and achieved good results.展开更多
With the dynamic description method for self and antigen, and the concept of dynamic immune tolerance for lymphocytes in network-security domain presented in this paper, a new immune based dynamic intrusion detection ...With the dynamic description method for self and antigen, and the concept of dynamic immune tolerance for lymphocytes in network-security domain presented in this paper, a new immune based dynamic intrusion detection model (Idid) is proposed. In Idid, the dynamic models and the corresponding recursive equations of the lifecycle of ma- ture lymphocytes, and the immune memory are built. Therefore, the problem of the dynamic description of self and nonself in computer immune systems is solved, and the defect of the low efficiency of mature lymphocyte generating in traditional computer immune systems is overcome. Simu- lations of this model are performed, and the comparison experiment results show that the proposed dynamic intrusion detection model has a better adaptability than the traditional methods.展开更多
文摘With theincreasing worldwide network attacks, intrusion detection (ID) hasbecome a popularresearch topic inlast decade.Several artificial intelligence techniques such as neural networks and fuzzy logichave been applied in ID. The results are varied. Theintrusion detection accuracy is themain focus for intrusion detection systems (IDS). Most research activities in the area aiming to improve the ID accuracy. In this paper, anartificial immune system (AIS) based network intrusion detection scheme is proposed. An optimized feature selection using Rough Set (RS) theory is defined. The complexity issue is addressed in the design of the algorithms. The scheme is tested on the widely used KDD CUP 99 dataset. The result shows that theproposed scheme outperforms other schemes in detection accuracy.
基金Supported by the National Natural Science Foundation of China(No.61502436)the Science and Technology Project of Henan Province(No.152102210146)the Doctoral Fund for the Central Universities(No.2014BSJJ084)
文摘In order to increase intrusion detection rate and decrease false positive detection rate,a novel intrusion detection algorithm based on rough set and artificial immune( RSAI-IDA) is proposed.Using artificial immune in intrusion detection,anomaly actions are detected adaptively,and with rough set,effective antibodies can be obtained. A scheme,in which antibodies are partly generated randomly and others are from the artificial immune algorithm,is applied to ensure the antibodies diversity. Finally,simulations of RSAI-IDA and comparisons with other algorithms are given. The experimental results illustrate that the novel algorithm achieves more effective performances on anomaly intrusion detection,where the algorithm's time complexity decreases,the true positive detection rate increases,and the false positive detection rate is decreased.
基金Supported by the National Natural Science Foundation of China (60373110, 60573130, 60502011)
文摘Inspired by the immune theory and multi-agent systems, an immune multi-agent active defense model for network intrusion is established. The concept of immune agent is introduced, and its running mechanism is established. The method, which uses antibody concentration to quantitatively describe the degree of intrusion danger, is presented. This model implements the multi-layer and distributed active defense mechanism for network intrusion. The experiment results show that this model is a good solution to the network security defense.
文摘A new network intrusion detection model based on immune multi-agent theory is established and the concept of multi-agents is advanced to realize the logical structure and running mechanism of immune multi-agent as well as multi-level and distributed detection mechanism against network intrusion, using the adaptability, diversity and memory properties of artificial immune algorithm and combing the robustness and distributed character of multi-agents system structure. The experiment results conclude that this system is working pretty well in network security detection.
基金Project(50275150) supported by the National Natural Science Foundation of ChinaProjects(20040533035, 20070533131) supported by the National Research Foundation for the Doctoral Program of Higher Education of China
文摘An abstraction and an investigation to the worth of dendritic cells (DCs) ability to collect, process and present antigens are presented. Computationally, this ability is shown to provide a feature reduction mechanism that could be used to reduce the complexity of a search space, a mechanism for development of highly specialized detector sets as well as a selective mechanism used in directing subsets of detectors to be activated when certain danger signals are present. It is shown that DCs, primed by different danger signals, provide a basis for different anomaly detection pathways. Different antigen-peptides are developed based on different danger signals present, and these peptides are presented to different adaptive layer detectors that correspond to the given danger signal. Experiments are then undertaken that compare current approaches, where a full antigen structure and the whole repertoire of detectors are used, with the proposed approach. Experiment results indicate that such an approach is feasible and can help reduce the complexity of the problem by significant levels. It also improves the efficiency of the system, given that only a subset of detectors are involved during the detection process. Having several different sets of detectors increases the robustness of the resulting system. Detectors developed based on peptides are also highly discriminative, which reduces the false positives rates, making the approach feasible for a real time environment.
文摘An artificial immunity based multimodal evolution algorithm is developed to generate detectors with variable coverage for multidimensional intrusion detection. In this algorithm, a proper fitness function is used to drive the detectors to fill in those detection holes close to self set or among self spheres, and genetic algorithm is adopted to reduce the negative effects that different distribution of self imposes on the detector generating process. The validity of the algorithm is tested with spherical and rectangular detectors, respectively, and experiments performed on two real data sets (machine learning database and DAPRA99) indicate that the proposed algorithm can obtain good results on spherical detectors, and that its performances in detection rate, false alarm rate, stabih'ty, time cost, and adaptability to incomplete training set on spherical detectors are all better than on rectangular ones.
基金Project (No. 60073034) supported by the National Natural Sci-ence Foundation of China
文摘This paper briefly reviews other people’s works on negative selection algorithm and their shortcomings. With a view to the real problem to be solved, authors bring forward two assumptions, based on which a new immune algorithm, multi-level negative selection algorithm, is developed. In essence, compared with Forrest’s negative selection algorithm, it enhances detector generation efficiency. This algorithm integrates clonal selection process into negative selection process for the first time. After careful analyses, this algorithm was applied to network intrusion detection and achieved good results.
基金This work was supported by the National Natural Science Foundation of China under Grant No.60373 110the Specialized Research Fund for the Doctoral Progrant of Higher Education of China uinder Grant No. 200306 10003. the New Century Excellent Expert Pro-gram of Ministry of Education of China under Grant No. NCET-04-0870the Inmovation Foundation of Sichuan University under Grant No.2004CF10.
文摘With the dynamic description method for self and antigen, and the concept of dynamic immune tolerance for lymphocytes in network-security domain presented in this paper, a new immune based dynamic intrusion detection model (Idid) is proposed. In Idid, the dynamic models and the corresponding recursive equations of the lifecycle of ma- ture lymphocytes, and the immune memory are built. Therefore, the problem of the dynamic description of self and nonself in computer immune systems is solved, and the defect of the low efficiency of mature lymphocyte generating in traditional computer immune systems is overcome. Simu- lations of this model are performed, and the comparison experiment results show that the proposed dynamic intrusion detection model has a better adaptability than the traditional methods.