Anomaly detection in multidimensional data using negative selection algorithm

Dasgupta, Dipankar; Majumdar, Nivedita

doi:10.1109/cec.2002.1004386

Cited by 73 publications

(29 citation statements)

References 3 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Ideally, the use of this affinity function (or any other affinity function) should be justified taken into account the data being mined, but this is not usually the case in the literature. The r-contiguous bits rule or its variants are often used without any specific justification for this choice [3], [4], [19]. When a justification is presented, it is usually the fact that this rule is more biologically plausible than the Hamming distance [9], [5] (p. 70).…”

Section: Affinity Functions For Binary Antibody/antigen Representationmentioning

confidence: 99%

“…In some cases, the approach of "adapting" the data to the algorithm will even throw away some potentially relevant data just because the algorithm cannot handle that data. For instance, [4] apply a negative selection algorithm to a multidimensional personnel data containing both categorical and numeric data. However, instead of using a hybrid categorical/numeric representation and take all the attributes into account, they simply ignore categorical attributes and work only with numeric attributes.…”

Section: Issues In the Choice Of Antibody/antigen Representationmentioning

confidence: 99%

See 1 more Smart Citation

Revisiting the Foundations of Artificial Immune Systems: A Problem-Oriented Perspective

Freitas

Timmis

2003

Lecture Notes in Computer Science

View full text Add to dashboard Cite

Abstract. Since their development, AIS have been used for a number of machine learning tasks including that of classification. Within the literature, there appears to be a lack of appreciation for the possible bias in the selection of various representations and affinity measures that may be introduced when employing AIS in classification tasks. Problems are then compounded when inductive bias of algorithms are not taken into account when applying seemingly generic AIS algorithms to specific application domains. This paper is an attempt at highlighting some of these issues. Using the example of classification, this paper explains the potential pitfalls in representation selection and the use of various affinity measures. Additionally, attention is given to the use of negative selection in classification and it is argued that this may be not an appropriate algorithm for such a task. This paper then presents ideas on avoiding unnecessary mistakes in the choice and design of AIS algorithms and ultimately delivered solutions.

show abstract

Section: Affinity Functions For Binary Antibody/antigen Representationmentioning

confidence: 99%

Section: Issues In the Choice Of Antibody/antigen Representationmentioning

confidence: 99%

Revisiting the Foundations of Artificial Immune Systems: A Problem-Oriented Perspective

Freitas

Timmis

2003

Lecture Notes in Computer Science

View full text Add to dashboard Cite

show abstract

“…Neural network one-class classification helps to reveal anomalies among typical patterns. This approach leads us to online analysis of multidimensional data [9][10][11] and it's known to be used not only for network anomaly detection [12]. It postulates that anomaly is just a novelty.…”

Section: Introductionmentioning

confidence: 99%

Investigation of neural network algorithm for detection of network host anomalies in the automated search for XSS vulnerabilities and SQL injections

Shabalin¹,

Елисеев²

2016

Naučno-teh. vestn. inf. tehnol. meh. opt.

View full text Add to dashboard Cite

Mechanics and Optics, 2016, vol. 16, no. 2, pp. 318-323, doi: 10.17586/2226-1494-2016 Abstract A problem of aberrant behavior detection for network communicating computer is discussed. A novel approach based on dynamic response of computer is introduced. The computer is suggested as a multiple-input multipleoutput (MIMO) plant. To characterize dynamic response of the computer on incoming requests a correlation between input data rate and observed output response (outgoing data rate and performance metrics) is used. To distinguish normal and aberrant behavior of the computer one-class neural network classifier is used. General idea of the algorithm is shortly described. Configuration of network testbed for experiments with real attacks and their detection is presented (the automated search for XSS and SQL injections). Real found-XSS and SQL injection attack software was used to model the intrusion scenario. It would be expectable that aberrant behavior of the server will reveal itself by some instantaneous correlation response which will be significantly different from any of normal ones. It is evident that correlation picture of attacks from different malware running, the site homepage overriding on the server (so called defacing), hardware and software failures will differ from correlation picture of normal functioning. Intrusion detection algorithm is investigated to estimate false positive and false negative rates in relation to algorithm parameters. The importance of correlation width value and threshold value selection was emphasized. False positive rate was estimated along the time series of experimental data. Some ideas about enhancement of the algorithm quality and robustness were mentioned. Аннотация Рассматривается проблема выявления аномального поведения у компьютера, участвующего в обмене данными по сети. Предлагается подход, основанный на анализе динамического отклика компьютера, рассматриваемого как мно-госвязный объект. В качестве характеристики динамического отклика используется корреляция входных возму-щающих сетевых воздействий и выходных наблюдаемых величин, включающих исходящий сетевой трафик и по-требление вычислительных ресурсов компьютера. Для распознавания нормального и аномального поведения ис-пользуется одноклассовый нейросетевой классификатор. В статье представлено краткое описание алгоритма. Пред-ставлена схема стенда для проведения экспериментов с реальными атаками на стенд (автоматизированный поиск XSS и внедрение операторов SQL). Очевидно, что корреляционная картина атак от различного вредоносного про-граммного обеспечения, подмены страниц, программных и аппаратных сбоев будет отличаться от нормальной. В заключении алгоритм обнаружения вторжений (аномалий) исследован, сделаны выводы о зависимости ошибок пер-вого и второго рода от параметров алгоритма. Подчеркнута важность значений ширины окна корреляции и выбора порогового значения. Предложены несколько идей о дальнейшем улучшении алгоритма. Ключевые слова определение аномалий, обнаружение вторжений, нейронная сеть, одноклассовый...

show abstract

“…This emerging field of research is known as Artificial Immune System (AIS) [11]. Based on the different immune theories, various algorithms such as Danger Theory (DT) models [2], [3], Negative Selection Algorithms [5], [17], Immune Network Theory-based model [15], Clonal Selection Algorithms (CSA) [12], [18] are proposed and also applied on patter recognition [9],intrusion detection [10], [21], optimization problems [1], [14] and so on.…”

Section: Introductionmentioning

confidence: 99%

Quantum Interference Crossover-Based Clonal Selection Algorithm and Its Application to Traveling Salesman Problem

Dai

et al. 2009

IEICE Trans. Inf. & Syst.

View full text Add to dashboard Cite

SUMMARYClonal Selection Algorithm (CSA), based on the clonal selection theory proposed by Burnet, has gained much attention and wide applications during the last decade. However, the proliferation process in the case of immune cells is asexual. That is, there is no information exchange during different immune cells. As a result the traditional CSA is often not satisfactory and is easy to be trapped in local optima so as to be premature convergence. To solve such a problem, inspired by the quantum interference mechanics, an improved quantum crossover operator is introduced and embedded in the traditional CSA. Simulation results based on the traveling salesman problems (TSP) have demonstrated the effectiveness of the quantum crossover-based Clonal Selection Algorithm. key words: clonal selection algorithm, quantum interference crossover, traveling salesman problem, hybrid model

show abstract

Anomaly detection in multidimensional data using negative selection algorithm

Cited by 73 publications

References 3 publications

Revisiting the Foundations of Artificial Immune Systems: A Problem-Oriented Perspective

Revisiting the Foundations of Artificial Immune Systems: A Problem-Oriented Perspective

Investigation of neural network algorithm for detection of network host anomalies in the automated search for XSS vulnerabilities and SQL injections

Quantum Interference Crossover-Based Clonal Selection Algorithm and Its Application to Traveling Salesman Problem

Contact Info

Product

Resources

About