
Coevolutionary-based Mechanisms for Network Anomaly Detection

Journal of Mathematical Modelling and Algorithms

Abstract

The paper presents an approach based on the principles of immune systems applied to the anomaly detection problem. Flexibility and efficiency of the anomaly detection system are achieved by building a model of the network behavior based on the self–nonself space paradigm. Covering both self and nonself spaces by hyperrectangular structures is proposed. The structures corresponding to self-space are built using a training set from this space. The hyperrectangular detectors covering nonself space are created using a niching genetic algorithm. A coevolutionary algorithm is proposed to enhance this process. The results of experiments show a high quality of intrusion detection, which outperforms the quality of the recently proposed approach based on a hypersphere representation of the self-space.



Author information


Correspondence to Franciszek Seredynski.


About this article

Cite this article

Ostaszewski, M., Seredynski, F. & Bouvry, P. Coevolutionary-based Mechanisms for Network Anomaly Detection. J Math Model Algor 6, 411–431 (2007). https://doi.org/10.1007/s10852-007-9061-x


  • DOI: https://doi.org/10.1007/s10852-007-9061-x
