Abstract
Positive selection is one of artificial immune approaches, which finds application in network security. It relies on building detectors for protecting self cells, i.e. positive class objects. Random selection used to find candidates for detectors gives good results if the data is represented in a non-multidimensional space. For a higher dimension many attempts may be needed to find a detector. In an extreme case, the approach may fail due to not building any detector. This paper proposes an improved version of the positive selection approach. Detectors are constructed based on self cells in a deterministic way and they are stored in a binary tree structure. Thanks to this, each cell is protected by at least one detector regardless of the data dimension and size. Results of experiments conducted on network intrusion data (KDD Cup 1999 Data) and other datasets show that the proposed approach produces detectors of similar or better quality in a considerably shorter time compared with the probabilistic version. Furthermore, the number of detectors needed to cover the whole self space can be clearly smaller.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Notes
- 1.
Each class whose cardinality is underlined in Table 1 was used as self data.
- 2.
The values of detector radius were chosen empirically during preliminary experiments. Tho goal was to find the range of values for which both the approaches obtain the best classification results.
References
Aryania, A., Akbari, A., Mohammadi, M., Raahemi, B., Bigdeli, E.: An overlap-aware positive selection algorithm using variable-size detectors. J. Intell. Comp. 5(2), 60–74 (2014)
Chikhi, S., Ramdane, C.: A new negative selection algorithm for adaptive network intrusion detection system. Int. J. Inf. Sec. Priv. 8(4), 1–25 (2014)
Chmielewski, A., Wierzchoń, S.T.: Hybrid negative selection approach for anomaly detection. In: Cortesi, A., Chaki, N., Saeed, K., Wierzchoń, S. (eds.) CISIM 2012. LNCS, vol. 7564, pp. 242–253. Springer, Heidelberg (2012). doi:10.1007/978-3-642-33260-9_21
Dasgupta, D.: An overview of artificial immune systems and their applications. In: Dasgupta, D. (ed.) Artificial Immune Systems and Their Applications, pp. 3–21. Springer, Heidelberg (1999). doi:10.1007/978-3-642-59901-9_1
Idris, I., Selamat, A.: Improved email spam detection model with negative selection algorithm and particle swarm optimization. Appl. Soft Comput. 22, 11–27 (2014)
Kim, J., Bentley, P.J.: An evaluation of negative selection in an artificial immune system for network intrusion detection. In: Proceedings of the Genetic and Evolutionary Computation Conference (GECCO), pp. 1330–1337. Morgan Kaufmann (2001)
Mostardinha, P., Faria, B.F., Zúquete, A., Vistulo de Abreu, F.: A negative selection approach to intrusion detection. In: Coello Coello, C.A., Greensmith, J., Krasnogor, N., Liò, P., Nicosia, G., Pavone, M. (eds.) ICARIS 2012. LNCS, vol. 7597, pp. 178–190. Springer, Heidelberg (2012). doi:10.1007/978-3-642-33757-4_14
Peng, L., Chen, Y.: Positive selection-inspired anomaly detection model with artificial immune. In: 2014 International Conference on Cyber-Enabled Distributed Computing and Knowledge Discovery (CyberC 2014), Shanghai, China, 13–15 October 2014, pp. 56–59. IEEE Computer Society (2014)
Read, M., Andrews, P.S., Timmis, J.: An introduction to artificial immune systems. In: Rozenberg, G., Bäck, T., Kok, J.N. (eds.) Handbook of Natural Computing, pp. 1575–1597. Springer, Heidelberg (2012). doi:10.1007/978-3-540-92910-9_47
Sim, K.B., Lee, D.W.: Modeling of positive selection for the development of a computer immune system and a self-recognition algorithm. Int. J. Control Autom. Syst. 1(4), 453–458 (2003)
Stibor, T., Mohr, P., Timmis, J., Eckert, C.: Is negative selection appropriate for anomaly detection? In: Proceedings of the ACM SIGEVO Genetic and Evolutionary Computation Conference (GECCO-2005). ACM Press, Washington, D.C. (2005)
Stibor, T., Timmis, J., Eckert, C.: On the appropriateness of negative selection defined over hamming shape-space as a network intrusion detection system. In: Proceedings of the Congress on Evolutionary Computation (CEC-2005). IEEE Press, Edinburgh (2005)
Zhang, F., Qi, D.: Run-time malware detection based on positive selection. J. Comp. Vir. 7(4), 267–277 (2011)
Acknowledgments
This work was supported by the grant S/WI/3/13 of the Polish Ministry of Science and Higher Education. The author would like to thank Andrzej Chmielewski for fruitful discussions on artificial immune systems.
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2017 Springer International Publishing AG
About this paper
Cite this paper
Hońko, P. (2017). Binary Tree Based Deterministic Positive Selection Approach to Network Security. In: Dang, T., Wagner, R., Küng, J., Thoai, N., Takizawa, M., Neuhold, E. (eds) Future Data and Security Engineering. FDSE 2017. Lecture Notes in Computer Science(), vol 10646. Springer, Cham. https://doi.org/10.1007/978-3-319-70004-5_26
Download citation
DOI: https://doi.org/10.1007/978-3-319-70004-5_26
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-70003-8
Online ISBN: 978-3-319-70004-5
eBook Packages: Computer ScienceComputer Science (R0)