
A Comparative Study of Real-Valued Negative Selection to Statistical Anomaly Detection Techniques

  • Conference paper

Part of the book series: Lecture Notes in Computer Science (LNTCS, volume 3627)

Abstract

The (randomized) real-valued negative selection algorithm is an anomaly detection approach inspired by the negative selection principle of the immune system. The algorithm was proposed to overcome scaling problems inherent in the Hamming shape-space negative selection algorithm. In this paper, we investigate the termination behavior of the real-valued negative selection algorithm with variable-sized detectors on an artificial data set. We then analyze and compare the classification performance of real-valued negative selection, real-valued positive selection and statistical anomaly detection techniques on the high-dimensional KDD data set. Results reveal that, in terms of detection rate, real-valued negative selection with variable-sized detectors is not competitive with statistical anomaly detection techniques on the KDD data set. In addition, we suggest that the termination guarantee of real-valued negative selection with variable-sized detectors is very sensitive to several parameters.




Copyright information

© 2005 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Stibor, T., Timmis, J., Eckert, C. (2005). A Comparative Study of Real-Valued Negative Selection to Statistical Anomaly Detection Techniques. In: Jacob, C., Pilat, M.L., Bentley, P.J., Timmis, J.I. (eds) Artificial Immune Systems. ICARIS 2005. Lecture Notes in Computer Science, vol 3627. Springer, Berlin, Heidelberg. https://doi.org/10.1007/11536444_20


  • DOI: https://doi.org/10.1007/11536444_20

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-28175-7

  • Online ISBN: 978-3-540-31875-0

  • eBook Packages: Computer Science, Computer Science (R0)
