http://dx.doi.org/10.3837/tiis.2010.12.017

GEP-based Framework for Immune-Inspired Intrusion Detection  

Tang, Wan (College of Computer Science, South-Central University for Nationalities)
Peng, Limei (Department of Electrical Engineering, GRID Middleware Research Center, KAIST)
Yang, Ximin (College of Computer Science, South-Central University for Nationalities)
Xie, Xia (College of Computer Science, Huazhong University of Science & Technology)
Cao, Yang (School of Electronic Information, Wuhan University)
Publication Information
KSII Transactions on Internet and Information Systems (TIIS) / v.4, no.6, 2010, pp. 1273-1293
Abstract
Immune-inspired intrusion detection is a promising technology for network security and is well known for its diversity, adaptation, self-tolerance, etc. However, scalability and coverage are two major drawbacks of immune-inspired intrusion detection systems (IIDSes). In this paper, we propose an IIDS framework, named GEP-IIDS, with improved basic system elements to address these two problems. First, an additional bio-inspired technique, gene expression programming (GEP), is introduced for detector representation (detectors correspond to detection rules). In addition, inspired by the avidity model of immunology, new avidity/affinity functions that take the priority of attributes into account are given. Based on these two improved elements, we also propose a novel immune algorithm that is capable of integrating two bio-inspired mechanisms (i.e., negative selection and positive selection) by using a balance factor. Finally, a pruning algorithm is given to remove redundant detectors that consume footprint and detection time but do not contribute to improving performance. Our experimental results show the feasibility and effectiveness of our solution in handling the scalability and coverage problems of IIDS.
Keywords
Network intrusion detection; artificial immune system; gene expression programming
Citations & Related Records
Times Cited By KSCI: 1
Times Cited By Web Of Science: 1
Times Cited By SCOPUS: 1