The Effect of Binary Matching Rules in Negative Selection

  • Fabio González
  • Dipankar Dasgupta
  • Jonatan Gómez
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 2723)


Negative selection algorithm is one of the most widely used techniques in the field of artificial immune systems. It is primarily used to detect changes in data/behavior patterns by generating detectors in the complementary space (from given normal samples). The negative selection algorithm generally uses binary matching rules to generate detectors. The purpose of the paper is to show that the low-level representation of binary matching rules is unable to capture the structure of some problem spaces. The paper compares some of the binary matching rules reported in the literature and study how they behave in a simple two-dimensional real-valued space. In particular, we study the detection accuracy and the areas covered by sets of detectors generated using the negative selection algorithm.


False Alarm Rate Negative Selection Anomaly Detection Problem Space Binary String 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    J. Balthrop, F. Esponda, S. Forrest, and M. Glickman. Coverage and generalization in an artificial immune system. In GECCO 2002: Proceedings of the Genetic and Evolutionary Computation Conference, pages 3–10, New York, 9–13 July 2002. Morgan Kaufmann Publishers.Google Scholar
  2. 2.
    J. Balthrop, S. Forrest, and M. R. Glickman. Revisting lisys: Parameters and normal behavior. In Proceedings of the 2002 Congress on Evolutionary Computation CEC2002, pages 1045–1050. IEEE Press, 2002.Google Scholar
  3. 3.
    C. A. C. Coello and N. C. Cortes. A parallel implementation of the artificial immune system to handle constraints in genetic algorithms: preliminary results. In Proceedings of the 2002 Congress on Evolutionary Computation CEC2002, pages 819–824, Honolulu, Hawaii, 2002.Google Scholar
  4. 4.
    D. Dagupta and F. González. An immunity-based technique to characterize intrusions in computer networks. IEEE Transactions on Evolutionary Computation, 6(3):281–291, June 2002.CrossRefGoogle Scholar
  5. 5.
    D. Dasgupta. An overview of artificial immune systems and their applications. In D. Dasgupta, editor, Artificial immune systems and their applications, pages pp 3–23. Springer-Verlag, Inc., 1999.Google Scholar
  6. 6.
    D. Dasgupta and S. Forrest. Tool breakage detection in milling operations using a negative-selection algorithm. Technical Report CS95-5, Department of Computer Science, University of New Mexico, 1995.Google Scholar
  7. 7.
    D. Dasgupta and S. Forrest. Novelty detection in time series data using ideas from immunology. In Proceedings of the International Conference on Intelligent Systems, pages 82–87, June 1996.Google Scholar
  8. 8.
    L. N. de Castro and J. Timmis. Artificial Immune Systems: A New Computational Approach. Springer-Verlag, London, UK, 2002.zbMATHGoogle Scholar
  9. 9.
    L. N. de Castro and F. J. Von Zuben. An evolutionary immune network for data clustering. Brazilian Symposium on Artificial Neural Networks (IEEE SBRN’00), pages 84–89, 2000.Google Scholar
  10. 10.
    P. D’haeseleer, S. Forrest, and P. Helman. An immunological approach to change detection: algorithms, analysis and implications. In Proceedings of the 1996 IEEE Symposium on Computer Security and Privacy, pages 110–119, Oakland, CA, 1996.Google Scholar
  11. 11.
    J. D. Farmer, N.H. Packard, and A. S. Perelson. The immune system, adaptation, and machine learning. Physica D, 22:187–204, 1986.CrossRefMathSciNetGoogle Scholar
  12. 12.
    S. Forrest, A. Perelson, L. Allen, and R. Cherukuri. Self-nonself discrimination in a computer. In Proc. IEEE Symp. on Research in Security and Privacy, pages 202–212, 1994.Google Scholar
  13. 13.
    F. González and D. Dagupta. Neuro-immune and self-organizing map approaches to anomaly detection: A comparison. In Proceedings of the 1st International Conference on Artificial Immune Systems, pages 203–211, Canterbury, UK, Sept. 2002.Google Scholar
  14. 14.
    F. González, D. Dasgupta, and R. Kozma. Combining negative selection and classification techniques for anomaly detection. In Proceedings of the 2002 Congress on Evolutionary Computation CEC2002, pages 705–710, Honolulu, HI, May 2002. IEEE.Google Scholar
  15. 15.
    P. Harmer, G. Williams, P.D. Gnusch, and G. Lamont. An Artificial Immune System Architecture for Computer Security Applications. IEEE Transactions on Evolutionary Computation, 6(3):252–280, June 2002.CrossRefGoogle Scholar
  16. 16.
    S. Hofmeyr and S. Forrest. Architecture for an artificial immune system. Evolutionary Computation, 8(4):443–473, 2000.CrossRefGoogle Scholar
  17. 17.
    S. A. Hofmeyr. An interpretative introduction to the immune system. In I. Cohen and L. Segel, editors, Design principles for the immune system and other distributed autonomous systems. Oxford University Press, 2000.Google Scholar
  18. 18.
    J. H. Holland, K. J. Holyoak, R. E. Nisbett, and P. R. Thagard. Induction: Processes of Inference, Learning, and Discovery. MIT Press, Cambridge, 1986.Google Scholar
  19. 19.
    N. K. Jerne. Towards a network theory of the immune system. Ann. Immunol. (Inst. Pasteur), 125C:373–389, 1974.Google Scholar
  20. 20.
    J. Kim and P. Bentley. An evaluation of negative selection in an artificial immune system for network intrusion detection. In GECCO 2001: Proceedings of the Genetic and Evolutionary Computation Conference, pages 1330–1337, San Francisco, California, USA, 2001. Morgan Kaufmann.Google Scholar
  21. 21.
    S. Singh. Anomaly detection using negative selection based on the r-contiguous matching rule. In Proceedings of the 1st International Conference on Artificial Immune Systems (ICARIS), pages 99–106, Canterbury, UK, sep 2002.Google Scholar
  22. 22.
    J. Timmis and M. J. Neal. A resource limited artificial immune system for data analysis. In Research and development in intelligent systems XVII, proceedings of ES2000, pages 19–32, Cambridge, UK, 2000.Google Scholar
  23. 23.
    P. D. Williams, K. P. Anchor, J. L. Bebo, G. H. Gunsch, and G. D. Lamont. CDIS: Towards a computer immune system for detecting network intrusions. Lecture Notes in Computer Science, 2212:117–133, 2001.CrossRefGoogle Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2003

Authors and Affiliations

  • Fabio González
    • 1
    • 2
  • Dipankar Dasgupta
    • 1
  • Jonatan Gómez
    • 1
    • 2
  1. 1.Division of Computer ScienceThe University of MemphisMemphis
  2. 2.Universidad Nacional de ColombiaBogotáColombia

Personalised recommendations