Skip to main content
SpringerLink
Log in

A Comparative Study of Negative Selection Based Anomaly Detection in Sequence Data

  • Conference paper
Artificial Immune Systems (ICARIS 2012)

Part of the book series: Lecture Notes in Computer Science ((LNTCS,volume 7597))

Included in the following conference series:

Abstract

The negative selection algorithm is one of the oldest immune-inspired classification algorithms and was originally intended for anomaly detection tasks in computer security. After initial enthusiasm, performance problems with the algorithm lead many researchers to conclude that negative selection is not a competitive anomaly detection technique. However, in recent years, theoretical work has lead to substantially more efficient negative selection algorithms. Here, we report the results of the first evaluation of negative selection with r-chunk and r-contiguous detectors that employs these novel algorithms. On a collection of 14 datasets from real-world sources, we compare negative selection with r-chunk and r-contiguous detectors against techniques based on kernels, finite state automata, and n-gram frequencies, and find that negative selection performs competitively, yielding a slightly better average performance than all other techniques investigated. Because this study represents, to our knowledge, the most comprehensive one of string-based negative selection to date, the widely held view that negative selection is not a competitive anomaly detection technique may be inaccurate.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 39.99
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 54.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. Forrest, S., Perelson, A.S., Allen, L., Cherukuri, R.: Self-nonself discrimination in a computer. In: Proceedings of the IEEE Symposium on Research in Security and Privacy, pp. 202–212. IEEE Computer Society Press (1994)

    Google Scholar 

  2. Forrest, S., Hofmeyr, S.A., Somayaji, A.: Computer immunology. Communications of the ACM 40, 88–96 (1997)

    Article  Google Scholar 

  3. Kim, J., Bentley, P.J.: An evaluation of negative selection in an artificial immune system for network intrusion detection. In: Proceedings of the Genetic and Evolutionary Computation Conference (GECCO), pp. 1330–1337. Morgan Kaufmann (2001)

    Google Scholar 

  4. D’haeseleer, P., Forrest, S., Helman, P.: An immunological approach to change detection: Algorithms, analysis, and implications. In: Proceedings of the IEEE Symposium on Security and Privacy, pp. 110–119. IEEE Computer Society (1996)

    Google Scholar 

  5. Timmis, J., Hone, A., Stibor, T., Clark, E.: Theoretical advances in artificial immune systems. Theoretical Computer Science 403, 11–32 (2008)

    Article  MathSciNet  MATH  Google Scholar 

  6. Hofmeyr, S.A., Forrest, S., Somayaji, A.: Intrusion detection using sequences of system calls. Journal of Computer Security 6, 151–180 (1998)

    Google Scholar 

  7. Balthrop, J., Esponda, F., Forrest, S., Glickman, M.R.: Coverage and generalization in an artificial immune system. In: Proceedings of the 2002 Genetic and Evolutionary Computation Conference (GECCO 2002), pp. 1045–1050 (2002)

    Google Scholar 

  8. Stibor, T.: On the Appropriateness of Negative Selection for Anomaly Detection and Network Intrusion Detection. PhD thesis, Technische Universität Darmstadt (2006)

    Google Scholar 

  9. Stibor, T.: An Empirical Study of Self/Non-self Discrimination in Binary Data with a Kernel Estimator. In: Bentley, P.J., Lee, D., Jung, S. (eds.) ICARIS 2008. LNCS, vol. 5132, pp. 352–363. Springer, Heidelberg (2008)

    Chapter  Google Scholar 

  10. Elberfeld, M., Textor, J.: Efficient Algorithms for String-Based Negative Selection. In: Andrews, P.S., Timmis, J., Owens, N.D.L., Aickelin, U., Hart, E., Hone, A., Tyrrell, A.M. (eds.) ICARIS 2009. LNCS, vol. 5666, pp. 109–121. Springer, Heidelberg (2009)

    Chapter  Google Scholar 

  11. Elberfeld, M., Textor, J.: Negative selection algorithms on strings with efficient training and linear-time classification. Theoretical Computer Science 412, 534–542 (2011)

    Article  MathSciNet  MATH  Google Scholar 

  12. Stibor, T., Timmis, J., Eckert, C.: The link between r-contiguous detectors and k-CNF satisfiability. In: Proceedings of the Congress on Evolutionary Computation (CEC), pp. 491–498. IEEE Press (2006)

    Google Scholar 

  13. Chandola, V., Mithal, V., Kumar, V.: A comparative evaluation of anomaly detection techniques for sequence data. In: Proceedings of the 2008 Eighth IEEE International Conference on Data Mining (ICDM 2008), pp. 743–748 (2008)

    Google Scholar 

  14. Moya, M.M., Hush, D.R.: Network constraints and multi-objective optimization for one-class classification. Neural Networks 9(3), 463–474 (1996)

    Article  Google Scholar 

  15. Chandola, V., Banerjee, A., Kumar, V.: Anomaly detection: A survey. ACM Computing Surveys 41(3), 1–58 (2009)

    Article  Google Scholar 

  16. Chapelle, O., Schölkopf, B., Zien, A. (eds.): Semi-Supervised Learning. Adaptive Computation and Machine Learning series. The MIT Press (2006)

    Google Scholar 

  17. Liśkiewicz, M., Textor, J.: Negative selection algorithms without generating detectors. In: Proceedings of Genetic and Evolutionary Computation Conference (GECCO 2010), pp. 1047–1054. ACM (2010)

    Google Scholar 

  18. Warrender, C., Forrest, S., Pearlmutter, B.: Detecting intrusions using system calls: Alternative data models. In: IEEE Symposium on Security and Privacy, pp. 133–145. IEEE Computer Society (1999)

    Google Scholar 

  19. Michael, C.C., Ghosh, A.: Two state-based approaches to program-based anomaly detection. In: Proceedings of the 16th Annual Computer Security Applications Conference, p. 21 (2000)

    Google Scholar 

  20. Jain, A.K., Dubes, R.C.: Algorithms for Clustering Data. Prentice Hall (1988)

    Google Scholar 

  21. Melville, H.: Moby-Dick, or, The Whale. Hendricks House, New York (1952)

    Google Scholar 

  22. Bateman, A., Birney, E., Durbin, R., Eddy, S.R., Howe, K.L., Sonnhammer, E.L.: The PFAM protein families database. Nucleic Acids Research 28, 263–266 (2000)

    Article  Google Scholar 

  23. Forrest, S., Hofmeyr, S.A., Somayaji, A., Longstaff, T.A.: A sense of self for unix processes. In: Proceedings of the IEEE Symposium on Security and Privacy, pp. 120–128. IEEE Computer Society, Washington, DC (1996)

    Google Scholar 

  24. Lippmann, R.P., et al.: Evaluating intrusion detection systems – the 1998 DARPA offline intrusion detection evaluation. In: DARPA Information Survivability Conference and Exposition (DISCEX) 2000, vol. 2, pp. 12–26. IEEE Computer Society Press (2000)

    Google Scholar 

Download references

Author information

Authors and Affiliations

  1. Theoretical Biology & Bioinformatics, Universiteit Utrecht, Paudalaan 8, 3584 CH, Utrecht, The Netherlands

    Johannes Textor

Authors
  1. Johannes Textor
    View author publications

    You can also search for this author in PubMed Google Scholar

Editor information

Editors and Affiliations

  1. Departmento de Computación, Centro de Investigacion y de Estudios, Avanzados del Instituto Politecnico Nacional (CINVESTAV-IPN), Av. Insituto Politécnico Nacional No. 2508, Col. San Pedro Zacatenco, 07300, Mexico, D.F., Mexico

    Carlos A. Coello Coello

  2. School of Computer Science, University of Nottingham, Jubilee Campus, Wollaton Road, NG8 1BB, Nottingham, UK

    Julie Greensmith

  3. School of Computer Science, University of Nottingham, Jubilee Campus, Wollaton Road, NG81BB, Nottingham, UK

    Natalio Krasnogor

  4. Computer Laboratory, University of Cambridge, William Gates Building, 15 JJ Thomson Avenue, CB3 0FD, Cambridge, UK

    Pietro Liò

  5. Department of Mathematics and Computer Science, University of Catania, Viale A. Doria 6, 95125, Catania, Italy

    Giuseppe Nicosia  & Mario Pavone  & 

Rights and permissions

Reprints and permissions

Copyright information

© 2012 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Textor, J. (2012). A Comparative Study of Negative Selection Based Anomaly Detection in Sequence Data. In: Coello Coello, C.A., Greensmith, J., Krasnogor, N., Liò, P., Nicosia, G., Pavone, M. (eds) Artificial Immune Systems. ICARIS 2012. Lecture Notes in Computer Science, vol 7597. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-33757-4_3

Download citation

  • DOI: https://doi.org/10.1007/978-3-642-33757-4_3

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-33756-7

  • Online ISBN: 978-3-642-33757-4

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation