A machine learning evaluation of an artificial immune system

Evolutionary Computation

Volumn 13, Issue 2, 2005, Pages 179-212

  Glickman, Matthew ^a   Balthrop, Justin ^a   Forrest, Stephanie ^a,b  

^a University of New Mexico   (United States)

^b SANTA FE INSTITUTE   (United States)

Author keywords

Anomaly detection; Artificial immune systems; Computer security; Immune system; Machine learning; Network intrusion detection

Indexed keywords

ANOMALY DETECTION; ARTIFICIAL IMMUNE SYSTEMS; IMMUNE SYSTEMS; NETWORK INTRUSION DETECTION;

DATA ACQUISITION; LEARNING ALGORITHMS; LEARNING SYSTEMS; LOCAL AREA NETWORKS; MATHEMATICAL MODELS; ONLINE SYSTEMS; PROBLEM SOLVING; SECURITY OF DATA;

IMMUNOLOGY;

ALGORITHM; ANIMAL; ARTICLE; ARTIFICIAL INTELLIGENCE; ARTIFICIAL NEURAL NETWORK; AUTOMATED PATTERN RECOGNITION; BIOLOGICAL MODEL; BIOLOGY; COMPUTER PROGRAM; COMPUTER SIMULATION; HUMAN; IMMUNE SYSTEM; METHODOLOGY; REPRODUCIBILITY; THEORETICAL MODEL;

ALGORITHMS; ANIMALS; ARTIFICIAL INTELLIGENCE; COMPUTATIONAL BIOLOGY; COMPUTER SIMULATION; HUMANS; IMMUNE SYSTEM; MODELS, IMMUNOLOGICAL; MODELS, THEORETICAL; NEURAL NETWORKS (COMPUTER); PATTERN RECOGNITION, AUTOMATED; REPRODUCIBILITY OF RESULTS; SOFTWARE;

EID: 21244441082     PISSN: 10636560     EISSN: None     Source Type: Journal    
DOI: 10.1162/1063656054088503     Document Type: Article

References (50)

1. Anchor, K. P., Zydallis, J. B., Hunch, G. H., and Lamont, G. B. (2002). Extending the computer defense immune system: Network intrusion detection with a multiobjective evolutionary programming approach. In Timmis, J. and Bentley, P. J., editors, Proceedings of the 1st International Conference on Artificial Immune Systems (ICARIS), pages 12-21, University of Kent at Canterbury. University of Kent at Canterbury Printing Unit.
2. Anderson, D., Frivold, T., and Valdes, A. (1995). Next-generation intrusion detection expert system (nides): A summary. Technical Report SRI-CSL-95-07, Computer Science Laboratory, SRI International, Menlo Park, CA.
3. Angluin, D. (1980). Inductive inference of formal languages from positive data. Information and Control, 45(2):117-135.
4. Axelsson, S. (2000). The base-rate fallacy and the difficulty of intrusion detection. ACM. Transactions on Information and System Security, 3(3):186-205.
5. Balasubramaniyan, J., Garcia-Fernandez, J. O., Spafford, E. H., and Zamboni, D. (1998). An architecture for intrusion detection using autonomous agents. Technical Report Coast TR 98-05, Purdue University.
6. Balthrop, J., Esponda, F., Forrest, S., and Glickman, M. (2002a). Coverage and generalization in an artificial immune system. In GECCO-2002: Proceedings of the Genetic and Evolutionary Computation Conference.
7. Balthrop, J., Forrest, S., and Glickman, M. (2002b). Revisiting lisys: Parameters and normal behavior. In CEC-2002: Proceedings of the Congress on Evolutionary Computing.
8. Bradley, D. W. and Tyrell, A. M. (2001). The architecture for a hardware immmune system. In Proceedings of the 3rd NASA/DoD Workshop on Evolvable Hardware, pages 193-200.
9. Caruana, R. A. and Schaffer, J. D. (1988). Representation and hidden bias: Gray vs. binary coding for genetic algorithms. In MACHLERN5. Morgan Kaufmann.
10. Caswell, B. and Roesch, M. (2003). Snort: The open source network intrusion detection system, http ://www.snort.org/, Downloaded.
11. Chao, D. (2001). Personal Communication.
12. Dasgupta, D. (1999). Immunity-based intrusion detection system: A general framework. In Proceedings of the 22nd National Information Systems Security Conference.
13. Dasgupta, D. and Gonzalez, F. (2002). An immunity-based technique to characterize intrusions in computer networks. IEEE Transactions on Evolutionary Computation, 6(3):1081-1088.
14. Debar, H., Dacier, M., and Wespi, A. (1999). Towards a taxonomy of intrusion-detection systems. Computer Networks, 31(8):361-378.
15. Dowell, C. and Ramstedt, P. (1990). The computerwatch data reduction tool. In Proceedings of the 13th National Computer Security Conference.
16. Egan, J. P. (1975). Signal Detection Theory and ROC Analysis. Academic Press, New York.
17. Esponda, F., Forrest, S., and Helman, P. (2004). A formal framework for positive and negative detection schemes. IEEE Transactions on System, Man, and Cybernetics, 34(1):357-373.
18. Forrest, S., Perelson, A. S., Allen, L., and kuri, R. C. (1994). Self-nonself discrimination in a computer. In Proceedings of the 1994 IEEE Symposium on Research in Security and Privacy, Los Alamitos, CA. IEEE Computer Society Press.
19. Gaffney, J.E., J. and Ulvila, J. (2001). Evaluation of intrusion detectors: a decision theory approach. In 2002 IEEE Symposium on Security and Privacy. S&P 2001, 14-16 May 2001, Oakland, CA, USA, pages 50-61, Los Alamitos, CA, USA. IEEE Computer Society.
20. Gold, E. (1967). Language identification in the limit. Information and Control, 10:447-474.
21. Gomez, J., Fonzalez, F., and Dasgupta, D. (2003). An immuno-fuzzy approach to anomaly detection. In Proceedings of the 2003 IEEE International Conference on Fuzzy Systems. IEEE Press.
22. Heberlein, L. T., Dias, G. V., Levitte, K. N., Mukherjee, B., Wood, J., and Wolber, D. (1990). A network security monitor. In Proceedings of the IEEE Symposium on Security and Privacy. IEE Press.
23. Helman, P. and Liepins, G. (1993). Statistical foundations of audit trail analysis for the detection of computer misuse. IEEE Transactions on Software Engineering, 19(9):886-901.
24. Helmbold, D. P. and Long, P. M. (1991). TRACKING DRIFTING CONCEPTS BY MINIMIZING DISAGREEMENTS. Machine Learning, 14:27-45.
25. Hofmeyr, S. (1999). An immunological model of distributed detection and its application to computer security. PhD thesis, University of New Mexico, Albuquerque, NM.
26. Hofmeyr, S. and Forrest, S. (2000). Architecture for an artificial immune system. Evolutionary Computation Journal, 8(4):443-473.
27. Holland, J., Holyoak, K., Nisbett, R., and Thagard, P. (1986). Induction: Processes of Inference, Learning, and Discovery. MIT Press.
28. ISS (2000). RealSecure Product Datasheet. Internet Security Systems, Atlanta, GA. Available at http://www.iss.net/customer.care/resource-center/ product_lit/.
29. Kim, J. and Bentley, P. (1999a). The artificial immune model for network intrusion detection. In 7th European Conference on Intelligent Techniques and Soft Computing (EUFIT'99), Aachen, Germany.
30. Kim, J. and Bentley, P. (1999b). Negative selection and niching by an artificial immune system for network intrusion detection. In GECCO-99: Proceedings of the Genetic and Evolutionary Computation Conference, pages 149-158.
31. Kim, J. and Bentley, P. J. (2001). An evaluation of negative seelection in an artificial immune system for network intrusion detection. In Proceedings of the Genetic and Evolutionary Computation Conference (GECCO), pages 1330-1337. Morgan-Kauffman.
32. Kim, J. and Bentley, P. J. (2002a). Immune memory in the dynamic clonal selection algorithm. In Timmis, J. and Bentley, P. J., editors, Proceedings of the 1st International Conference on Artificial Immune Systems (ICARIS), pages 59-67, University of Kent at Canterbury. University of Kent at Canterbury Printing Unit.
33. Kim, J. and Bentley, P. J. (2002b). A model of gene library evolution in the dynamic clonal selection algorithm. In Timmis, J. and Bentley, P. J., editors, Proceedings of the 1st International Conference on Artificial Immune Systems (ICARIS), pages 182-189, University of Kent at Canterbury. University of Kent at Canterbury Printing Unit.
34. Klinkenberg, R. and Joachims, T. (2000). Detecting concept drift with support vector machines. In Langley, P., editor, Proceedings the 17th International Conference on Machine Learning, pages 487-494. Morgan Kaufmann.
35. Lane, T. D. (2000). Machine Learning Techniques for the Computer Security Domain of Anomaly Detection. PhD thesis, Purdue University, West Lafayette, IN.
36. McHugh, J. (2000). The 1998 Lincoln Laboratory IDS evaluation - a critique. In Debar, H., Me, L., and Wu, S., editors, Recent Advances in Intrusion Detection. Third International Workshop, RAID 2000, 2-4 Oct. 2000, Toulouse, France, pages 145-61. Springer-Verlag.
37. Mitchell, T. (1997). Machine Learning. McGraw-Hill.
38. Mitchell, T. M. (1980). The need for biases in learning generalizations. Technical Report CBM-TR-117, Rutgers University, New Brunswick, New Jersey.
39. Mitchell, T. M., Caruana, R., Freitag, D., McDermott, J., and Zabowski, D. (1994). Experience with a learning personal assistant. Communications of the ACM, 37(7):80-91.
40. Muggleton, S. (1996). Learning from positive data. In Proceedings of the 6th International Workshop on Inductive Logic Programming, volume 1314 of Lecture Notes in Artificial Intelligence, pages 358-376. Springer-Verlag.
41. Mukherjee, B., Heberlein, L. T., and Levitt, K. N. (1994). Network intrusion detection. IEEE Network, pages 26-41.
42. NIST (2003). An overview of issues in testing intrusion detectin systems. NIST IR 7007.
43. Percus, J. K., Percus, O., and Perelson, A. S. (1993). Predicting the size of the antibody combining region from consideration of efficient self/non-self discrimination. Proceedings of the National Academy of Science, 90:1691-1695.
44. Pinker, S. (1984). Language learnability and language development. Harvard University Press.
45. Porras, P. and Neumann, P. G. (1997). Emerald: Event monitoring enabling responses to anomalous live disturbances. In Proceedings of the National Information Systems Security Conference.
46. Pratt, L. and Jennings, B. (1997). A survey of connectionist network reuse through transfer. In Thrun, S. and Pratt, L., editors, Learning to Learn, chapter 2. Kluwer Academic Publishers.
47. Rumelhart, D. E., Hinton, G. E., and Williams, R. J. (1987). Learning internal representations by error propagation. In Rumelhart, D. E., McClelland, J. L., et al., editors, Parallel Distributed Processing: Volume 1: Foundations, pages 318-362. MIT Press.
48. Smaha, S. E. (1988). Haystack: An intrusion detection system. In Proceedings, IEEE Fourth Aerospace Computer Security Applications Conference.
49. Squid (2003). Squid web proxy cache. http://www.squid-cache.org/, Downloaded in 2003.
50. Williams, P., Anchor, K., Bebo, J., Gunsch, G., and Lamont, G. (2001). Cdis: Towards a computer immune system for detecting network intrusions. In Lee, W., Me, L., and Wespi, A., editors, RAID 2001, volume 2212 of Lecture Notes in Computer Science, pages 117-133. Springer-Verlag.