Negative Selection with Antigen Feedback in Intrusion Detection

    Research output: A Conference proceeding or a Chapter in BookConference contribution

    4 Citations (Scopus)
    1 Downloads (Pure)

    Abstract

    One of the major challenges for negative selection is to efficiently generate effective detectors. The experiment in the past shows that random generation fails to generate useful detectors within acceptable time duration. In this paper, we propose an antigen feedback mechanism for generating the detectors. For an unmatched antigen, we make a copy of the antigen and treat it the same as a newly randomly generated antibody: it goes through the same maturing process and is subject to elimination due to self matching. If it survives and is then activated by more antigens, it becomes a legitimate detector. Our experiment demonstrates that the antigen feedback mechanism provides an efficient way to generate enough effective detectors within a very short period of time. With the antigen feedback mechanism, we achieved 95.21% detection rate on attack strings, with 4.79% false negative rate, and 99.21% detection rate on normal strings, 0.79% false positive. In this paper, we also introduce Arisytis: Artificial Immune System Tool Kits --- a project we are undertaking for not only our own experiment, but also the research communities in the same area to avoid the waste on repeatedly developing similar software. Arisytis is available on the public domain. Finally, we also discuss the effectiveness of the r-continuous bits match and its impact on data presentation.
    Original languageEnglish
    Title of host publication7th International Conference on Artificial Immune Systems (ICARIS 2008)
    EditorsPeter J Bentley, Doheon Lee, Sungwon Jung
    Place of PublicationGermany
    PublisherSpringer
    Pages200-209
    Number of pages10
    ISBN (Print)9783540850717
    DOIs
    Publication statusPublished - 2008
    Event7th International Conference on Artificial Immune Systems (ICARIS 2008) - , Thailand
    Duration: 10 Aug 200813 Aug 2008

    Conference

    Conference7th International Conference on Artificial Immune Systems (ICARIS 2008)
    CountryThailand
    Period10/08/0813/08/08

    Fingerprint

    Intrusion detection
    Antigens
    Feedback
    Detectors
    Immune system
    Experiments
    Antibodies

    Cite this

    Ma, W., Tran, D., & Sharma, D. (2008). Negative Selection with Antigen Feedback in Intrusion Detection. In P. J. Bentley, D. Lee, & S. Jung (Eds.), 7th International Conference on Artificial Immune Systems (ICARIS 2008) (pp. 200-209). Germany: Springer. https://doi.org/10.1007/978-3-540-85072-4_18
    Ma, Wanli ; Tran, Dat ; Sharma, Dharmendra. / Negative Selection with Antigen Feedback in Intrusion Detection. 7th International Conference on Artificial Immune Systems (ICARIS 2008). editor / Peter J Bentley ; Doheon Lee ; Sungwon Jung. Germany : Springer, 2008. pp. 200-209
    @inproceedings{0442a3f2a3ef47b9862bb3a285831f2e,
    title = "Negative Selection with Antigen Feedback in Intrusion Detection",
    abstract = "One of the major challenges for negative selection is to efficiently generate effective detectors. The experiment in the past shows that random generation fails to generate useful detectors within acceptable time duration. In this paper, we propose an antigen feedback mechanism for generating the detectors. For an unmatched antigen, we make a copy of the antigen and treat it the same as a newly randomly generated antibody: it goes through the same maturing process and is subject to elimination due to self matching. If it survives and is then activated by more antigens, it becomes a legitimate detector. Our experiment demonstrates that the antigen feedback mechanism provides an efficient way to generate enough effective detectors within a very short period of time. With the antigen feedback mechanism, we achieved 95.21{\%} detection rate on attack strings, with 4.79{\%} false negative rate, and 99.21{\%} detection rate on normal strings, 0.79{\%} false positive. In this paper, we also introduce Arisytis: Artificial Immune System Tool Kits --- a project we are undertaking for not only our own experiment, but also the research communities in the same area to avoid the waste on repeatedly developing similar software. Arisytis is available on the public domain. Finally, we also discuss the effectiveness of the r-continuous bits match and its impact on data presentation.",
    author = "Wanli Ma and Dat Tran and Dharmendra Sharma",
    year = "2008",
    doi = "10.1007/978-3-540-85072-4_18",
    language = "English",
    isbn = "9783540850717",
    pages = "200--209",
    editor = "Bentley, {Peter J} and Doheon Lee and Sungwon Jung",
    booktitle = "7th International Conference on Artificial Immune Systems (ICARIS 2008)",
    publisher = "Springer",
    address = "Netherlands",

    }

    Ma, W, Tran, D & Sharma, D 2008, Negative Selection with Antigen Feedback in Intrusion Detection. in PJ Bentley, D Lee & S Jung (eds), 7th International Conference on Artificial Immune Systems (ICARIS 2008). Springer, Germany, pp. 200-209, 7th International Conference on Artificial Immune Systems (ICARIS 2008), Thailand, 10/08/08. https://doi.org/10.1007/978-3-540-85072-4_18

    Negative Selection with Antigen Feedback in Intrusion Detection. / Ma, Wanli; Tran, Dat; Sharma, Dharmendra.

    7th International Conference on Artificial Immune Systems (ICARIS 2008). ed. / Peter J Bentley; Doheon Lee; Sungwon Jung. Germany : Springer, 2008. p. 200-209.

    Research output: A Conference proceeding or a Chapter in BookConference contribution

    TY - GEN

    T1 - Negative Selection with Antigen Feedback in Intrusion Detection

    AU - Ma, Wanli

    AU - Tran, Dat

    AU - Sharma, Dharmendra

    PY - 2008

    Y1 - 2008

    N2 - One of the major challenges for negative selection is to efficiently generate effective detectors. The experiment in the past shows that random generation fails to generate useful detectors within acceptable time duration. In this paper, we propose an antigen feedback mechanism for generating the detectors. For an unmatched antigen, we make a copy of the antigen and treat it the same as a newly randomly generated antibody: it goes through the same maturing process and is subject to elimination due to self matching. If it survives and is then activated by more antigens, it becomes a legitimate detector. Our experiment demonstrates that the antigen feedback mechanism provides an efficient way to generate enough effective detectors within a very short period of time. With the antigen feedback mechanism, we achieved 95.21% detection rate on attack strings, with 4.79% false negative rate, and 99.21% detection rate on normal strings, 0.79% false positive. In this paper, we also introduce Arisytis: Artificial Immune System Tool Kits --- a project we are undertaking for not only our own experiment, but also the research communities in the same area to avoid the waste on repeatedly developing similar software. Arisytis is available on the public domain. Finally, we also discuss the effectiveness of the r-continuous bits match and its impact on data presentation.

    AB - One of the major challenges for negative selection is to efficiently generate effective detectors. The experiment in the past shows that random generation fails to generate useful detectors within acceptable time duration. In this paper, we propose an antigen feedback mechanism for generating the detectors. For an unmatched antigen, we make a copy of the antigen and treat it the same as a newly randomly generated antibody: it goes through the same maturing process and is subject to elimination due to self matching. If it survives and is then activated by more antigens, it becomes a legitimate detector. Our experiment demonstrates that the antigen feedback mechanism provides an efficient way to generate enough effective detectors within a very short period of time. With the antigen feedback mechanism, we achieved 95.21% detection rate on attack strings, with 4.79% false negative rate, and 99.21% detection rate on normal strings, 0.79% false positive. In this paper, we also introduce Arisytis: Artificial Immune System Tool Kits --- a project we are undertaking for not only our own experiment, but also the research communities in the same area to avoid the waste on repeatedly developing similar software. Arisytis is available on the public domain. Finally, we also discuss the effectiveness of the r-continuous bits match and its impact on data presentation.

    U2 - 10.1007/978-3-540-85072-4_18

    DO - 10.1007/978-3-540-85072-4_18

    M3 - Conference contribution

    SN - 9783540850717

    SP - 200

    EP - 209

    BT - 7th International Conference on Artificial Immune Systems (ICARIS 2008)

    A2 - Bentley, Peter J

    A2 - Lee, Doheon

    A2 - Jung, Sungwon

    PB - Springer

    CY - Germany

    ER -

    Ma W, Tran D, Sharma D. Negative Selection with Antigen Feedback in Intrusion Detection. In Bentley PJ, Lee D, Jung S, editors, 7th International Conference on Artificial Immune Systems (ICARIS 2008). Germany: Springer. 2008. p. 200-209 https://doi.org/10.1007/978-3-540-85072-4_18