An immunity-based technique to characterize intrusions in computer networks

Author

Dasgupta, Dipankar ; González, Fabio

Author_Institution

Comput. Sci. Div., Univ. of Memphis, TN, USA

Volume

6

Issue

3

fYear

2002

fDate

6/1/2002 12:00:00 AM

Firstpage

281

Lastpage

291

Abstract

This paper presents a technique inspired by the negative selection mechanism of the immune system that can detect foreign patterns in the complement (nonself) space. In particular, the novel pattern detectors (in the complement space) are evolved using a genetic search, which could differentiate varying degrees of abnormality in network traffic. The paper demonstrates the usefulness of such a technique to detect a wide variety of intrusive activities on networked computers. We also used a positive characterization method based on a nearest-neighbor classification. Experiments are performed using intrusion detection data sets and tested for validation. Some results are reported along with analysis and concluding remarks

Keywords

computer networks; genetic algorithms; pattern classification; telecommunication computing; telecommunication security; telecommunication traffic; biological systems modeling; complement space; computer network intrusion characterization; detector generation; foreign pattern detection; genetic algorithms; genetic search; immune system; immunity-based technique; intrusion detection data sets; intrusive activities; nearest-neighbor classification; negative selection mechanism; network traffic abnormality degrees; networked computers; nonself space; pattern detector evolution; Biology computing; Computer networks; Computer science; Computer viruses; Detectors; Immune system; Intelligent networks; Intrusion detection; Probability; Protection;

fLanguage

English

Journal_Title

Evolutionary Computation, IEEE Transactions on

Publisher

ieee

ISSN

1089-778X

Type

jour

DOI

10.1109/TEVC.2002.1011541

Filename

1011541