Abstract
The negative selection algorithm is one of the oldest immune-inspired classification algorithms and was originally intended for anomaly detection tasks in computer security. After initial enthusiasm, performance problems with the algorithm lead many researchers to conclude that negative selection is not a competitive anomaly detection technique. However, in recent years, theoretical work has lead to substantially more efficient negative selection algorithms. Here, we report the results of the first evaluation of negative selection with r-chunk and r-contiguous detectors that employs these novel algorithms. On a collection of 14 datasets from real-world sources, we compare negative selection with r-chunk and r-contiguous detectors against techniques based on kernels, finite state automata, and n-gram frequencies, and find that negative selection performs competitively, yielding a slightly better average performance than all other techniques investigated. Because this study represents, to our knowledge, the most comprehensive one of string-based negative selection to date, the widely held view that negative selection is not a competitive anomaly detection technique may be inaccurate.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Preview
Unable to display preview. Download preview PDF.
References
Forrest, S., Perelson, A.S., Allen, L., Cherukuri, R.: Self-nonself discrimination in a computer. In: Proceedings of the IEEE Symposium on Research in Security and Privacy, pp. 202–212. IEEE Computer Society Press (1994)
Forrest, S., Hofmeyr, S.A., Somayaji, A.: Computer immunology. Communications of the ACM 40, 88–96 (1997)
Kim, J., Bentley, P.J.: An evaluation of negative selection in an artificial immune system for network intrusion detection. In: Proceedings of the Genetic and Evolutionary Computation Conference (GECCO), pp. 1330–1337. Morgan Kaufmann (2001)
D’haeseleer, P., Forrest, S., Helman, P.: An immunological approach to change detection: Algorithms, analysis, and implications. In: Proceedings of the IEEE Symposium on Security and Privacy, pp. 110–119. IEEE Computer Society (1996)
Timmis, J., Hone, A., Stibor, T., Clark, E.: Theoretical advances in artificial immune systems. Theoretical Computer Science 403, 11–32 (2008)
Hofmeyr, S.A., Forrest, S., Somayaji, A.: Intrusion detection using sequences of system calls. Journal of Computer Security 6, 151–180 (1998)
Balthrop, J., Esponda, F., Forrest, S., Glickman, M.R.: Coverage and generalization in an artificial immune system. In: Proceedings of the 2002 Genetic and Evolutionary Computation Conference (GECCO 2002), pp. 1045–1050 (2002)
Stibor, T.: On the Appropriateness of Negative Selection for Anomaly Detection and Network Intrusion Detection. PhD thesis, Technische Universität Darmstadt (2006)
Stibor, T.: An Empirical Study of Self/Non-self Discrimination in Binary Data with a Kernel Estimator. In: Bentley, P.J., Lee, D., Jung, S. (eds.) ICARIS 2008. LNCS, vol. 5132, pp. 352–363. Springer, Heidelberg (2008)
Elberfeld, M., Textor, J.: Efficient Algorithms for String-Based Negative Selection. In: Andrews, P.S., Timmis, J., Owens, N.D.L., Aickelin, U., Hart, E., Hone, A., Tyrrell, A.M. (eds.) ICARIS 2009. LNCS, vol. 5666, pp. 109–121. Springer, Heidelberg (2009)
Elberfeld, M., Textor, J.: Negative selection algorithms on strings with efficient training and linear-time classification. Theoretical Computer Science 412, 534–542 (2011)
Stibor, T., Timmis, J., Eckert, C.: The link between r-contiguous detectors and k-CNF satisfiability. In: Proceedings of the Congress on Evolutionary Computation (CEC), pp. 491–498. IEEE Press (2006)
Chandola, V., Mithal, V., Kumar, V.: A comparative evaluation of anomaly detection techniques for sequence data. In: Proceedings of the 2008 Eighth IEEE International Conference on Data Mining (ICDM 2008), pp. 743–748 (2008)
Moya, M.M., Hush, D.R.: Network constraints and multi-objective optimization for one-class classification. Neural Networks 9(3), 463–474 (1996)
Chandola, V., Banerjee, A., Kumar, V.: Anomaly detection: A survey. ACM Computing Surveys 41(3), 1–58 (2009)
Chapelle, O., Schölkopf, B., Zien, A. (eds.): Semi-Supervised Learning. Adaptive Computation and Machine Learning series. The MIT Press (2006)
Liśkiewicz, M., Textor, J.: Negative selection algorithms without generating detectors. In: Proceedings of Genetic and Evolutionary Computation Conference (GECCO 2010), pp. 1047–1054. ACM (2010)
Warrender, C., Forrest, S., Pearlmutter, B.: Detecting intrusions using system calls: Alternative data models. In: IEEE Symposium on Security and Privacy, pp. 133–145. IEEE Computer Society (1999)
Michael, C.C., Ghosh, A.: Two state-based approaches to program-based anomaly detection. In: Proceedings of the 16th Annual Computer Security Applications Conference, p. 21 (2000)
Jain, A.K., Dubes, R.C.: Algorithms for Clustering Data. Prentice Hall (1988)
Melville, H.: Moby-Dick, or, The Whale. Hendricks House, New York (1952)
Bateman, A., Birney, E., Durbin, R., Eddy, S.R., Howe, K.L., Sonnhammer, E.L.: The PFAM protein families database. Nucleic Acids Research 28, 263–266 (2000)
Forrest, S., Hofmeyr, S.A., Somayaji, A., Longstaff, T.A.: A sense of self for unix processes. In: Proceedings of the IEEE Symposium on Security and Privacy, pp. 120–128. IEEE Computer Society, Washington, DC (1996)
Lippmann, R.P., et al.: Evaluating intrusion detection systems – the 1998 DARPA offline intrusion detection evaluation. In: DARPA Information Survivability Conference and Exposition (DISCEX) 2000, vol. 2, pp. 12–26. IEEE Computer Society Press (2000)
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2012 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Textor, J. (2012). A Comparative Study of Negative Selection Based Anomaly Detection in Sequence Data. In: Coello Coello, C.A., Greensmith, J., Krasnogor, N., Liò, P., Nicosia, G., Pavone, M. (eds) Artificial Immune Systems. ICARIS 2012. Lecture Notes in Computer Science, vol 7597. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-33757-4_3
Download citation
DOI: https://doi.org/10.1007/978-3-642-33757-4_3
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-33756-7
Online ISBN: 978-3-642-33757-4
eBook Packages: Computer ScienceComputer Science (R0)