Article

An evaluation of negative selection algorithm with constraint-based detectors

Authors:

Gerry DozierAuthors Info & Claims

ACMSE '06: Proceedings of the 44th annual ACM Southeast Conference

Pages 134 - 139

https://doi.org/10.1145/1185448.1185479

Published: 10 March 2006 Publication History

Abstract

The Negative Selection Algorithm is an immunology-inspired algorithm for anomaly detection application. This algorithm has been implemented with different pattern representations and various matching rules and successfully applied to a broad range of problems. Recent research shows serious problems with this algorithm in terms of both efficiency and effectiveness. In this paper we evaluated the performance of the algorithm constraint-based representation. We argue that the algorithm and problem representations should be considered separately, and that best performance of the algorithm may be obtained by choosing a proper representation.

References

[1]

Ayara, M., Timmis, J, de Lemos, R., and Duncan, R. (2002) "Negative Selection: How to Generate Detectors", 2002 ICAIS, 89--98.

[2]

Balthrop, J., Forrest, S. and Glickman, M. (2002) "Revisiting LISYS: parameters and normal behavior", 2002 CEC, 1045--1050.

Digital Library

[3]

Balthrop, J., Esponda, F., Forrest, S., Glickman, M. (2002) "Coverage and generalization in an Artificial Immune System", 2002GECCO, 3--10.

Digital Library

[4]

Dasgupta, D. (1999) "An overview of artificial immune system and their applications", Artificial Immune Systems and Their Applications, D. Dasgupta, ed., Springer, 3--21.

[5]

Dasgupta, D. and Gonzalez, F. (2002) "An immunity-based technique to characterize intrusions in computer network", IEEE Trans. Evolutionary Computation. 6(3): 281--291.

Digital Library

[6]

De Castro, L. and Timmis, J. (2002) Artificial Immune Systems: A New Computational Intelligence Approach. Springer.

Digital Library

[7]

D'haeseleer, P., Forrest, S. and Helman, P., (1996) "An immunological approach to change detection: algorithms, analysis and implications", 1996 IEEE Symposium on Computer Security and Privacy, 110--119.

Digital Library

[8]

Esponda, F., Forrest, S., and Helman, P. (2004) "A formal framework for positive and negative detection schemes", IEEE Trans. Systems, Man, and Cybernetics--Part B: Cybernetics, 34(1): 357--373.

Digital Library

[9]

Forrest, S., Perelson, S., Allen, L. and Cherukuri, R. (1994) "Self-nonself discrimination in a computer", 1994 IEEE Symposium on Research in Security and Privacy, 202--212.

Digital Library

[10]

Forrest, S., Hofmeyr, S. and Somayaji. A. (1997) "Computer immunology", Communications of the ACM, 40(10):88--96.

Digital Library

[11]

Gonzalez, F, Dasgupta, D. and Kozma, R. (2002) "Combining negative selection and classification techniques for anomaly detection", 2002 CEC, 705--710.

[12]

Gonzalez, F, Dasgupta, D. and Nino, D. (2003) "A randomized real-valued negative selection algorithm", 2003 ICAIS, 261--272.

[13]

Hofmeyr, S. and Forrest, S. (2000) "Architecture for an artificial immune system", Evolutionary Computation, 8(4):443--473.

Digital Library

[14]

Hou, H., Zhu, J. and Dozier, G. (2002) "Artificial Immunity using Constraint-based Detectors", 2002 WAC, 13:239--244.

[15]

Ji, Z. and Dasgupta, D. (2004) "Real-valued negative selection algorithm with variable-sized detectors", 2004GECCO, 287--298.

[16]

Ji, Z. and Dasgupta, D. (2005) "Estimating the detector coverage in a negative selection algorithm", 2005GECCO.

Digital Library

[17]

Kim, J. and Bentley, P. (2001) "An evaluation of negative selection in an artificial immune system for network intrusion detection", 2001 GECCO 1330--1337.

[18]

Kim, J. and Bentley, P. (2001) "Towards an artificial immune system for network intrusion detection: an investigation of clonal selection with a negative selection operator", 2001 CEC, 1244--1252.

[19]

Mukherjee, B., Heberlein, T., and Levitt, K. (1994) "Network Intrusion Detection", IEEE Network, 8(3): 26--41.

Digital Library

[20]

Singh, S. (2002) "Anomaly detection using negative selection based on the r-contiguous matching rule", 2002 ICAIS, 99--106.

[21]

Stibor, T., Bayarou, K. and Eckert, C. (2004) "An investigation of r-chunk detector generation on higher alphabets", GECCO 2004, 299--307.

[22]

Stibor, T., Timmis, J. and Eckert, C. (2005) "A comparative study of real-valued negative selection to statistical anomaly detection techniques", ICARIS 2005, 262--275.

Digital Library

[23]

Stibor, T., Mohr, P. and Timmis, J. (2005) "Is negative selection appropriate for anomaly detection?", 2005 GECCO, 321--328.

Digital Library

[24]

Stibor, T., Timmis, J. and Eckert, C. (2005) "On the appropriateness of negative selection defined over hamming shape-space as a network intrusion detection system", 2005 CEC.

[25]

Wierzchon, S. (2000) "Generating optimal repertoire of antibody strings in an artificial immune system", Intelligent Information Systems, Advances in Soft Computing Series of Physica-Verlag, Springer Verlag, 119--133.

Digital Library

[26]

Wolberg, W. and Mangasarian, O. (1990) "Multisurface method of pattern separation for medical diagnosis applied to breast cytology", PNAS, 87:9193--9196.

Cited By

Feng XSun ZLi B(2019)An Anomaly Detection Model Based on Immune Network with Variable Any-R-Intervals Matching RuleCommunications, Signal Processing, and Systems10.1007/978-981-13-6264-4_45(367-375)Online publication date: 4-May-2019
https://doi.org/10.1007/978-981-13-6264-4_45
Sun ZXu YLiang GZhou Z(2018)An Intrusion Detection Model for Wireless Sensor Networks With an Improved V-Detector AlgorithmIEEE Sensors Journal10.1109/JSEN.2017.278799718:5(1971-1984)Online publication date: 1-Mar-2018
https://doi.org/10.1109/JSEN.2017.2787997
Kessentini WKessentini MSahraoui HBechikh SOuni A(2014)A Cooperative Parallel Search-Based Software Engineering Approach for Code-Smells DetectionIEEE Transactions on Software Engineering10.1109/TSE.2014.233105740:9(841-861)Online publication date: 1-Sep-2014
https://doi.org/10.1109/TSE.2014.2331057
Show More Cited By

Index Terms

An evaluation of negative selection algorithm with constraint-based detectors
1. Computing methodologies
  1. Artificial intelligence
    1. Search methodologies
      1. Heuristic function construction

Recommendations

Multiclass anomaly detection for unsupervised and semi-supervised data based on a combination of negative selection and clonal selection algorithms
Abstract
A key challenge in anomaly detection is the imbalance between the amounts of normal and abnormal signal data. Specifically, the amount of abnormal signal data is considerably less than that of normal signal data. To solve this problem, ...
Graphical abstract

Display Omitted
Highlights
- Multiclass classification model is based on artificial immune system algorithms.
Is negative selection appropriate for anomaly detection?
GECCO '05: Proceedings of the 7th annual conference on Genetic and evolutionary computation

Negative selection algorithms for hamming and real-valued shape-spaces are reviewed. Problems are identified with the use of these shape-spaces, and the negative selection algorithm in general, when applied to anomaly detection. A straightforward self ...
A New Algorithm Based on Negative Selection and Idiotypic Networks for Generating Parsimonious Detector Sets for Industrial Fault Detection Applications
ICARIS '09: Proceedings of the 8th International Conference on Artificial Immune Systems

Artificial Immune System (AIS) algorithms have been used for well over a decade to detect anomalies in computer security and data collection applications. They have also been used for real-time industrial fault detection applications, where they ...

Comments

Information & Contributors

Information

Published In

cover image ACM Other conferences

ACMSE '06: Proceedings of the 44th annual ACM Southeast Conference

March 2006

823 pages

ISBN:1595933158

DOI:10.1145/1185448

General Chair:
Ronaldo Menezes
Florida Institute of Technology

Copyright © 2006 ACM.

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 10 March 2006

Permissions

Request permissions for this article.

Request Permissions

Check for updates

Author Tags

Qualifiers

Article

Conference

ACM SE06

ACM SE06: ACM Southeast Regional Conference

March 10 - 12, 2006

Florida, Melbourne

Acceptance Rates

ACMSE '06 Paper Acceptance Rate 100 of 244 submissions, 41%;

Overall Acceptance Rate 502 of 1,023 submissions, 49%

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

4
Total Citations
View Citations
324
Total Downloads

Downloads (Last 12 months)0
Downloads (Last 6 weeks)0

Reflects downloads up to 18 Feb 2025

Other Metrics

View Author Metrics

Citations

Cited By

Feng XSun ZLi B(2019)An Anomaly Detection Model Based on Immune Network with Variable Any-R-Intervals Matching RuleCommunications, Signal Processing, and Systems10.1007/978-981-13-6264-4_45(367-375)Online publication date: 4-May-2019
https://doi.org/10.1007/978-981-13-6264-4_45
Sun ZXu YLiang GZhou Z(2018)An Intrusion Detection Model for Wireless Sensor Networks With an Improved V-Detector AlgorithmIEEE Sensors Journal10.1109/JSEN.2017.278799718:5(1971-1984)Online publication date: 1-Mar-2018
https://doi.org/10.1109/JSEN.2017.2787997
Kessentini WKessentini MSahraoui HBechikh SOuni A(2014)A Cooperative Parallel Search-Based Software Engineering Approach for Code-Smells DetectionIEEE Transactions on Software Engineering10.1109/TSE.2014.233105740:9(841-861)Online publication date: 1-Sep-2014
https://doi.org/10.1109/TSE.2014.2331057
Kessentini MVaucher SSahraoui HPecheur CAndrews JDi Nitto E(2010)Deviance from perfection is a better criterion than closeness to evil when identifying risky codeProceedings of the 25th IEEE/ACM International Conference on Automated Software Engineering10.1145/1858996.1859015(113-122)Online publication date: 20-Sep-2010
https://dl.acm.org/doi/10.1145/1858996.1859015

View Options

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

View options

PDF

View or Download as a PDF file.

eReader

View online with eReader.

Figures

Tables

Media

View Table of Conten