Negative Selection with Antigen Feedback in Intrusion Detection

  • Wanli Ma
  • Dat Tran
  • Dharmendra Sharma
Part of the Lecture Notes in Computer Science book series (LNCS, volume 5132)


One of the major challenges for negative selection is to efficiently generate effective detectors. The experiment in the past shows that random generation fails to generate useful detectors within acceptable time duration. In this paper, we propose an antigen feedback mechanism for generating the detectors. For an unmatched antigen, we make a copy of the antigen and treat it the same as a newly randomly generated antibody: it goes through the same maturing process and is subject to elimination due to self matching. If it survives and is then activated by more antigens, it becomes a legitimate detector. Our experiment demonstrates that the antigen feedback mechanism provides an efficient way to generate enough effective detectors within a very short period of time. With the antigen feedback mechanism, we achieved 95.21% detection rate on attack strings, with 4.79% false negative rate, and 99.21% detection rate on normal strings, 0.79% false positive. In this paper, we also introduce Arisytis – Artificial Immune System Tool K it s – a project we are undertaking for not only our own experiment, but also the research communities in the same area to avoid the waste on repeatedly developing similar software. Arisytis is available on the public domain. Finally, we also discuss the effectiveness of the r-continuous bits match and its impact on data presentation.


Artificial Immune System Negative Selection Intrusion Detection System 


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    Forrest, S., Hofmeyr, S.A., et al.: A sense of self for Unix processes. In: IEEE Symposium on Security and Privacy, Oakland, CA, USA (1996)Google Scholar
  2. 2.
    Timmis, J.: Artificial immune systems - today and tomorrow. Natural Computing: an international journal 6(1), 1–18 (2007)zbMATHCrossRefMathSciNetGoogle Scholar
  3. 3.
    Dasgupta, D.: Advances in artificial immune systems. IEEE Computational Intelligence Magazine 1(4), 40–49 (2006)Google Scholar
  4. 4.
    Garrett, S.M.: How Do We Evaluate Artificial Immune Systems? Evolutionary Computation 13(2), 145–177 (2005)CrossRefGoogle Scholar
  5. 5.
    Dasgupta, D., Ji, Z., Gonzalez, F.: Artificial immune system (AIS) research in the last five years. In: The 2003 Congress on Evolutionary Computation (CEC 2003). IEEE Press, Los Alamitos (2003)Google Scholar
  6. 6.
    Hofmeyr, S.A., Forrest, S.: Immunity by Design: An Artificial Immune System. In: Proceedings of the Genetic and Evolutionary Computation Conference (GECCO 1999), Orlando, Florida. Morgan Kaufmann, USA (1999)Google Scholar
  7. 7.
    Hofmeyr, S.A., Forrest, S.: Architecture for an Artificial Immune System. Evolutionary Computation 8(4), 443–473 (2000)CrossRefGoogle Scholar
  8. 8.
    Hart, E., Timmis, J.: Application Areas of AIS: The Past, The Present and The Future. In: Jacob, C., Pilat, M.L., Bentley, P.J., Timmis, J.I. (eds.) ICARIS 2005. LNCS, vol. 3627. Springer, Heidelberg (2005)Google Scholar
  9. 9.
    Forrest, S., Perelson, A.S., et al.: Self-Nonself Discrimination in a Computer. In: Proceedings of the 1994 IEEE Symposium on Research in Security and Privacy, Oakland, CA, USA. IEEE Computer Society Press, Los Alamitos (1994)Google Scholar
  10. 10.
    Hofmeyr, S.A., Forrest, S., Somayaji, A.: Intrusion Detection Using Sequences of System Calls. Journal of Computer Security 6, 151–180 (1998)Google Scholar
  11. 11.
    Hofmeyr, S.: An Immunology Model of Distributed Detection and Its Application to Computer Security. Department of Computer Science, University of New Mexico, USA (1999)Google Scholar
  12. 12.
    Castro, L.N.D., Timmis, J.: Artificial Immune Systems: A New Computational Intelligence Approach. Springer, Heidelberg (2002)zbMATHGoogle Scholar
  13. 13.
    Balthrop, J., Forrest, S., Glickman, M.R.: Revisiting LISYS: Parameters and normal behavior. In: Proceedings of the Congress on Evolutionary Computing (CEC-2002) (2002)Google Scholar
  14. 14.
    Gabrielli, N., Rigodanzo, M.: An Artificial Immune System for Network Intrusion. Detection on a Web Server: First Results. In: Proceedings of the 2nd Italian Workshop on Evolutionary Computation (GSICE 2006) (2006)Google Scholar
  15. 15.
    Gonzalez, F.A., Dasgupta, D.: Anomaly Detection Using Real-Valued Negative Selection. Genetic Programming and Evolvable Machines 4(4), 383–403 (2003)CrossRefGoogle Scholar
  16. 16.
    Ji, Z., Dasgupta, D.: Revisiting Negative Selection Algorithms. Evolutionary Computation 15(2), 223–251 (2007)CrossRefGoogle Scholar
  17. 17.
    Kim, J., Bentley, P.: An evaluation of negative selection in an artificial immune system for network intrusion detection. In: Proceedings of GECCO 2001 (2001)Google Scholar
  18. 18.
    ACM. KDD CUP 1999 data. [cited 12 January 2007],
  19. 19.
    DARPA. DARPA Intrusion Detection Evaluation Data Sets. 1999 [cited 2006 15 October 2006],
  20. 20.
    Stolfo, S.J., Fan, W., et al.: Cost-based Modeling and Evaluation for Data Mining With Application to Fraud and Intrusion Detection: Results from the JAM Project. In: Proceedings of 2000 DARPA Information Survivability Conference and Exposition (2000)Google Scholar
  21. 21.
    Ma, W., Tran, D., Sharma, D.: A Study on the Feature Selection of Network Traffic for Intrusion Detection Purpose. In: The Proceedings of IEEE International Conference on Intelligence and Security Informatics (ISI 2008) (to be published, 2008)Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2008

Authors and Affiliations

  • Wanli Ma
    • 1
  • Dat Tran
    • 1
  • Dharmendra Sharma
    • 1
  1. 1.Faculty of Information Sciences and EngineeringUniversity of CanberraAustralia

Personalised recommendations