GEP-based Framework for Immune-Inspired Intrusion Detection

  • Tang, Wan (College of Computer Science, South-Central University for Nationalities)
  • Peng, Limei (Department of Electrical Engineering, GRID Middleware Research Center, KAIST)
  • Yang, Ximin (College of Computer Science, South-Central University for Nationalities)
  • Xie, Xia (College of Computer Science, Huazhong University of Science & Technology)
  • Cao, Yang (School of Electronic Information, Wuhan University)
  • Received : 2010.08.03
  • Accepted : 2010.10.27
  • Published : 2010.12.23

Abstract

Immune-inspired intrusion detection is a promising technology for network security, and is well known for its diversity, adaptation, self-tolerance, etc. However, scalability and coverage are two major drawbacks of immune-inspired intrusion detection systems (IIDSes). In this paper, we propose an IIDS framework, named GEP-IIDS, with improved basic system elements to address these two problems. First, an additional bio-inspired technique, gene expression programming (GEP), is introduced for the representation of detectors (which correspond to detection rules). In addition, inspired by the avidity model of immunology, new avidity/affinity functions that take the priority of attributes into account are given. Based on these two improved elements, we also propose a novel immune algorithm that is capable of integrating two bio-inspired mechanisms (i.e., negative selection and positive selection) by using a balance factor. Finally, a pruning algorithm is given to reduce redundant detectors that consume footprint and detection time but do not contribute to improving performance. Our experimental results show the feasibility and effectiveness of our solution in handling the scalability and coverage problems of IIDS.
