Funding: the National Natural Science Foundation of China (69983005) and the Research Fund for the Doctoral Program of Higher Education (RFDP1999048602)
Abstract: Based on analyzing the techniques and architecture of existing network Intrusion Detection System (IDS), and probing into the fundament of Immune System (IS), a novel immune model is presented and applied to network IDS, which is helpful to design an effective IDS. Besides, this paper suggests a scheme to represent the self profile of network. And an automated self profile extraction algorithm is provided to extract self profile from packets. The experimental results prove validity of the scheme and algorithm, which is the foundation of the immune model.
Abstract: With the increasing worldwide network attacks, intrusion detection (ID) has become a popular research topic in the last decade. Several artificial intelligence techniques such as neural networks and fuzzy logic have been applied in ID. The results are varied. The intrusion detection accuracy is the main focus for intrusion detection systems (IDS). Most research activities in the area aim to improve the ID accuracy. In this paper, an artificial immune system (AIS) based network intrusion detection scheme is proposed. An optimized feature selection using Rough Set (RS) theory is defined. The complexity issue is addressed in the design of the algorithms. The scheme is tested on the widely used KDD CUP 99 dataset. The result shows that the proposed scheme outperforms other schemes in detection accuracy.
Funding: Supported by the National Natural Science Foundation of China (60563002); Scientific Research Program of the Higher Education Institution of Xinjiang (XJEDU2004I03)
Abstract: In this paper, we propose an analogy based immune recognition method that focuses on the implementation of the clone selection process and the negative selection process by means of analogy similarity. This method is applied in an IDS (Intrusion Detection System) following several steps. Firstly, the initial abnormal behaviours sample set is optimized through the combining of the AIS (Artificial Immune System) and the genetic algorithm. Then, the abnormity probability algorithm is raised considering the two sides of abnormality and normality. Finally, an intrusion detection system model is established based on the above algorithms and models.
Abstract: Immune-based intrusion detection approaches are studied. The methods of constructing self set and generating mature detectors are researched and improved. A binary encoding based self set construction method is applied. First, the traditional mature detector generating algorithm is improved to generate mature detectors and detect intrusions faster. Then, a novel mature detector generating algorithm is proposed based on the negative selection mechanism. According to the algorithm, less mature detectors are needed to detect the abnormal activities in the network. Therefore, the speed of generating mature detectors and intrusion detection is improved. By comparing with those based on existing algorithms, the intrusion detection system based on the algorithm has higher speed and accuracy.
Funding: Supported by the National Natural Science Foundation of China (No. 61502436); the Science and Technology Project of Henan Province (No. 152102210146); the Doctoral Fund for the Central Universities (No. 2014BSJJ084)
Abstract: In order to increase intrusion detection rate and decrease false positive detection rate, a novel intrusion detection algorithm based on rough set and artificial immune (RSAI-IDA) is proposed. Using artificial immune in intrusion detection, anomaly actions are detected adaptively, and with rough set, effective antibodies can be obtained. A scheme, in which antibodies are partly generated randomly and others are from the artificial immune algorithm, is applied to ensure the antibodies diversity. Finally, simulations of RSAI-IDA and comparisons with other algorithms are given. The experimental results illustrate that the novel algorithm achieves more effective performances on anomaly intrusion detection, where the algorithm's time complexity decreases, the true positive detection rate increases, and the false positive detection rate is decreased.
Funding: Supported by National Natural Science Foundation of China under Grant No. 60932003; National High Technical Research and Development Program of China (863 program) Grant No. 2007AA01Z452, No. 2009AA01Z118; Shanghai Municipal Natural Science Foundation under Grant No. 09ZR1414900; National Undergraduate Innovative Test Program under Grant No. 091024812
Abstract: This paper focuses on investigating immunological principles in designing a multi-agent security architecture for intrusion detection and response in wireless mesh networks. In this approach, the immunity-based agents monitor the situation in the network. These agents can take appropriate actions according to the underlying security policies. Specifically, their activities are coordinated in a hierarchical fashion while sensing, communicating, determining and generating responses. Such an agent can learn about and adapt to its environment dynamically and can detect both known and unknown intrusions. The proposed intrusion detection architecture is designed to be flexible, extendible, and adaptable so that it can perform real-time monitoring. This paper provides the conceptual view and a general framework of the proposed system. In the end, the architecture is illustrated by an example and by simulation to show it can prevent attacks efficiently.
Abstract: A new network intrusion detection model based on immune multi-agent theory is established and the concept of multi-agents is advanced to realize the logical structure and running mechanism of immune multi-agent as well as multi-level and distributed detection mechanism against network intrusion, using the adaptability, diversity and memory properties of artificial immune algorithm and combining the robustness and distributed character of multi-agents system structure. The experiment results conclude that this system is working pretty well in network security detection.
Abstract: An artificial immunity based multimodal evolution algorithm is developed to generate detectors with variable coverage for multidimensional intrusion detection. In this algorithm, a proper fitness function is used to drive the detectors to fill in those detection holes close to self set or among self spheres, and genetic algorithm is adopted to reduce the negative effects that different distribution of self imposes on the detector generating process. The validity of the algorithm is tested with spherical and rectangular detectors, respectively, and experiments performed on two real data sets (machine learning database and DARPA99) indicate that the proposed algorithm can obtain good results on spherical detectors, and that its performances in detection rate, false alarm rate, stability, time cost, and adaptability to incomplete training set on spherical detectors are all better than on rectangular ones.
Funding: This work is sponsored by the National Natural Science Foundation of P. R. China (No. 60173037 & 70271050); National 863 High Technology Research Program of P. R. China (No. 2004AA775053); the Natural Science Foundation of Jiangsu Province (No.BK20031
Abstract: The study of security in computer networks is a key issue, which is a rapidly growing area of interest because of its importance. Main network security problems are analyzed in this paper above all, which currently are confronted with network systems and existing works in intrusion detection. And then an intrusion detection system model based on Immune Principle (IPIDS) is presented. Meanwhile, it expatiates detailed implementation of the methods how to reduce the high false positive and negative alarms of the traditional Intrusion Detection System (IDS). At last a simple simulation is performed on this model just using string match algorithm as binding mechanism. The simulation results indicate that the model can detect malicious activity effectively, and consequently the security and steadiness of the whole network system are improved also.
Funding: Supported by the National Natural Science Foundation of China (61502423, 62072406); the Natural Science Foundation of Zhejiang Provincial (LY19F020025); the Major Special Funding for "Science and Technology Innovation 2025" in Ningbo (2018B10063).
Abstract: Negative selection algorithm (NSA) is one of the classic artificial immune algorithms widely used in anomaly detection. However, there are still unsolved shortcomings of NSA that limit its further applications. For example, the nonself-detector generation efficiency is low; a large number of nonself-detectors is needed for precise detection; low detection rate with various application data sets. Aiming at those problems, a novel radius adaptive based on center-optimized hybrid detector generation algorithm (RACO-HDG) is put forward. To our best knowledge, radius adaptive based on center optimization is first time analyzed and proposed as an efficient mechanism to improve both detector generation and detection rate without significant computation complexity. RACO-HDG works efficiently in three phases. At first, a small number of self-detectors are generated, different from typical NSAs with a large number of self-sample are generated. Nonself-detectors will be generated from those initial small number of self-detectors to make hybrid detection of self-detectors and nonself-detectors possible. Secondly, without any prior knowledge of the data sets or manual setting, the nonself-detector radius threshold is self-adaptive by optimizing the nonself-detector center and the generation mechanism. In this way, the number of abnormal detectors is decreased sharply, while the coverage area of the nonself-detector is increased otherwise, leading to higher detection performances of RACO-HDG. Finally, hybrid detection algorithm is proposed with both self-detectors and nonself-detectors work together to increase detection rate as expected. Abundant simulations and application results show that the proposed RACO-HDG has higher detection rate, lower false alarm rate and higher detection efficiency compared with other excellent algorithms.
Funding: This research was funded by the Scientific Research Project of Leshan Normal University (No. 2022SSDX002) and the Scientific Plan Project of Leshan (No. 22NZD012).
Abstract: Artificial immune detection can be used to detect network intrusions in an adaptive approach and proper matching methods can improve the accuracy of immune detection methods. This paper proposes an artificial immune detection model for network intrusion data based on a quantitative matching method. The proposed model defines the detection process by using network data and decimal values to express features and artificial immune mechanisms are simulated to define immune elements. Then, to improve the accuracy of similarity calculation, a quantitative matching method is proposed. The model uses mathematical methods to train and evolve immune elements, increasing the diversity of immune recognition and allowing for the successful detection of unknown intrusions. The proposed model’s objective is to accurately identify known intrusions and expand the identification of unknown intrusions through signature detection and immune detection, overcoming the disadvantages of traditional methods. The experiment results show that the proposed model can detect intrusions effectively. It has a detection rate of more than 99.6% on average and a false alarm rate of 0.0264%. It outperforms existing immune intrusion detection methods in terms of comprehensive detection performance.
Funding: This work was supported by the National Natural Science Foundation of China under Grant No. 60373110, the Specialized Research Fund for the Doctoral Program of Higher Education of China under Grant No. 20030610003, the New Century Excellent Expert Program of Ministry of Education of China under Grant No. NCET-04-0870, and the Innovation Foundation of Sichuan University under Grant No. 2004CF10.
Abstract: With the dynamic description method for self and antigen, and the concept of dynamic immune tolerance for lymphocytes in network-security domain presented in this paper, a new immune based dynamic intrusion detection model (Idid) is proposed. In Idid, the dynamic models and the corresponding recursive equations of the lifecycle of mature lymphocytes, and the immune memory are built. Therefore, the problem of the dynamic description of self and nonself in computer immune systems is solved, and the defect of the low efficiency of mature lymphocyte generating in traditional computer immune systems is overcome. Simulations of this model are performed, and the comparison experiment results show that the proposed dynamic intrusion detection model has a better adaptability than the traditional methods.
Funding: Supported by the National Natural Science Foundation of China (60373110, 60573130, 60502011)
Abstract: Inspired by the immune theory and multi-agent systems, an immune multi-agent active defense model for network intrusion is established. The concept of immune agent is introduced, and its running mechanism is established. The method, which uses antibody concentration to quantitatively describe the degree of intrusion danger, is presented. This model implements the multi-layer and distributed active defense mechanism for network intrusion. The experiment results show that this model is a good solution to the network security defense.
Funding: Project (50275150) supported by the National Natural Science Foundation of China; Projects (20040533035, 20070533131) supported by the National Research Foundation for the Doctoral Program of Higher Education of China
Abstract: An abstraction and an investigation to the worth of dendritic cells (DCs) ability to collect, process and present antigens are presented. Computationally, this ability is shown to provide a feature reduction mechanism that could be used to reduce the complexity of a search space, a mechanism for development of highly specialized detector sets as well as a selective mechanism used in directing subsets of detectors to be activated when certain danger signals are present. It is shown that DCs, primed by different danger signals, provide a basis for different anomaly detection pathways. Different antigen-peptides are developed based on different danger signals present, and these peptides are presented to different adaptive layer detectors that correspond to the given danger signal. Experiments are then undertaken that compare current approaches, where a full antigen structure and the whole repertoire of detectors are used, with the proposed approach. Experiment results indicate that such an approach is feasible and can help reduce the complexity of the problem by significant levels. It also improves the efficiency of the system, given that only a subset of detectors are involved during the detection process. Having several different sets of detectors increases the robustness of the resulting system. Detectors developed based on peptides are also highly discriminative, which reduces the false positive rates, making the approach feasible for a real time environment.
Funding: Project (No. 60073034) supported by the National Natural Science Foundation of China
Abstract: This paper briefly reviews other people’s works on negative selection algorithm and their shortcomings. With a view to the real problem to be solved, authors bring forward two assumptions, based on which a new immune algorithm, multi-level negative selection algorithm, is developed. In essence, compared with Forrest’s negative selection algorithm, it enhances detector generation efficiency. This algorithm integrates clonal selection process into negative selection process for the first time. After careful analyses, this algorithm was applied to network intrusion detection and achieved good results.