Abstract
Contemporary signature-based intrusion detection systems are reactive in nature and are storage-limited. Their operation depends upon identifying an instance of an intrusion or virus and encoding it into a signature that is stored in their anomaly database, providing a window of vulnerability to computer systems during this time. Further, the maximum size of an Internet Protocol-based message requires a huge database in order to maintain possible signature combinations. To tighten this response cycle within storage constraints, this paper presents an innovative artificial immune system (AIS) integrated with a multiobjective evolutionary algorithm (MOEA). This new distributed intrusion detection system (IDS) design is intended to measure the vector of tradeoff solutions among detectors with regard to two independent objectives: best classification fitness and multiobjective hypervolume size. AIS antibody detectors promiscuously monitor network traffic for exact and variant abnormal system events based on only the detector’s own data structure and the application domain truth set. Applied to the MIT-DARPA 1999 insider intrusion detection data set, this new software-engineered AIS-MOEA IDS, called jREMISA, correctly classifies normal and abnormal events at a relatively high statistical level, which is directly attributed to finding the proper detector affinity threshold.
Keywords
- Pareto Front
- Intrusion Detection
- Intrusion Detection System
- Artificial Immune System
- Correct Classification Rate
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.
Copyright information
© 2007 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Haag, C.R., Lamont, G.B., Williams, P.D., Peterson, G.L. (2007). An Artificial Immune System-Inspired Multiobjective Evolutionary Algorithm with Application to the Detection of Distributed Computer Network Intrusions. In: de Castro, L.N., Von Zuben, F.J., Knidel, H. (eds) Artificial Immune Systems. ICARIS 2007. Lecture Notes in Computer Science, vol 4628. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-73922-7_36
DOI: https://doi.org/10.1007/978-3-540-73922-7_36
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-73921-0
Online ISBN: 978-3-540-73922-7
eBook Packages: Computer Science, Computer Science (R0)