TOWARDS AN IMMUNE-INSPIRED TEMPORAL ANOMALY DETECTION ALGORITHM BASED ON TUNABLE ACTIVATION THRESHOLDS

Mário Antunes, Manuel Correia, Jorge Carneiro

2009

Abstract

The detection of anomalies in computer environments, like network intrusion detection, computer virus or spam classification, is usually based on some form of pattern search on a database of “signatures” for known anomalies. Although very successful and widely deployed, these approaches are only able to cope with anomalous events that have already been seen. To cope with these weaknesses, the “behaviour” based systems has been deployed. Although conceptually more appealing, they have still an impractical high rate of false alarms. The vertebrate Immune System is an emergent and appealing metaphor for new ideas on anomaly detection, being already adopted some algorithms and theoretical theories in particular fields, such as network intrusion detection. In this paper we present a temporal anomaly detection architecture based on the Grossman’s Tunable Activation Threshold (TAT) hypothesis. The basic idea is that the repertoire of immune cells is constantly tuned according to the cells temporal interactions with the environment and yet retains responsiveness to an open-ended set of abnormal events. We describe some preliminary work on the development of an anomaly detection algorithm derived from TAT and present the results obtained thus far using some synthetic data-sets.

References

  1. Antunes, M. and Correia, M. (2008). TAT-NIDS: an immune-based anomaly detection architecture for network intrusion detection. IWPACBB08 - Advances in Soft Computing (Springer), pages 6067.
  2. Carneiro, J., Paixo, T., Milutinovic, D., Sousa, J., Leon, K., Gardner, R., and Faro, J. (2005). Immunological self-tolerance: Lessons from mathematical modeling. Journal of Computational and Applied Mathematics, 184(1):77100.
  3. de Castro, L. and Timmis, J. (2002). Artificial Immune Systems: A New Computational Intelligence Approach. Springer.
  4. Forrest, S., Perelson, A., Allen, L., and Cherukuri, R. (1994). Self-nonself discrimination in a computer. Proceedings of the 1994 IEEE Symposium on Research in Security and Privacy, pages 201212.
  5. Greensmith, J., Twycross, J., and Aickelin, U. (2006). Dendritic cells for anomaly detection. In Proc. of the IEEE World Congress on Computational Intelligence, pages 664671.
  6. Grossman, Z. and Paul, W. (1992). Adaptive cellular interactions in the immune system: The tunable activation threshold and the significance of subthreshold responses. Proceedings of the National Academy of Sciences, 89(21):1036510369.
  7. Kim, J., Bentley, P., Aickelin, U., Greensmith, J., Tedesco, G., and Twycross, J. (2007). Immune system approaches to intrusion detection - a review. Natural Computing, 6(4):413466.
  8. Pedroso, J. (2007). Simple Metaheuristics Using the Simplex Algorithm for Non-linear Programming. LNCS, 4638:217221.
  9. Sompayrac, L. (2008). How the Immune System Works. Blackwell Publishing.
Download


Paper Citation


in Harvard Style

Antunes M., Correia M. and Carneiro J. (2009). TOWARDS AN IMMUNE-INSPIRED TEMPORAL ANOMALY DETECTION ALGORITHM BASED ON TUNABLE ACTIVATION THRESHOLDS . In Proceedings of the International Conference on Bio-inspired Systems and Signal Processing - Volume 1: BIOSIGNALS, (BIOSTEC 2009) ISBN 978-989-8111-65-4, pages 357-362. DOI: 10.5220/0001553303570362


in Bibtex Style

@conference{biosignals09,
author={Mário Antunes and Manuel Correia and Jorge Carneiro},
title={TOWARDS AN IMMUNE-INSPIRED TEMPORAL ANOMALY DETECTION ALGORITHM BASED ON TUNABLE ACTIVATION THRESHOLDS},
booktitle={Proceedings of the International Conference on Bio-inspired Systems and Signal Processing - Volume 1: BIOSIGNALS, (BIOSTEC 2009)},
year={2009},
pages={357-362},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0001553303570362},
isbn={978-989-8111-65-4},
}


in EndNote Style

TY - CONF
JO - Proceedings of the International Conference on Bio-inspired Systems and Signal Processing - Volume 1: BIOSIGNALS, (BIOSTEC 2009)
TI - TOWARDS AN IMMUNE-INSPIRED TEMPORAL ANOMALY DETECTION ALGORITHM BASED ON TUNABLE ACTIVATION THRESHOLDS
SN - 978-989-8111-65-4
AU - Antunes M.
AU - Correia M.
AU - Carneiro J.
PY - 2009
SP - 357
EP - 362
DO - 10.5220/0001553303570362