Detecting anomalous process behaviour using second generation Artificial Immune Systems

Twycross, Jamie; Aickelin, Uwe; Whitbrook, Amanda



Abstract

Artificial Immune Systems have been successfully applied to a number of problem domains including fault tolerance and data mining, but have been shown to scale poorly when applied to computer intrusion detection despite the fact that the biological immune system is a very effective anomaly detector. This may be because AIS algorithms have previously been based on the adaptive immune system and biologically-naive models. This paper focuses on describing and testing a more complex and biologically-authentic AIS model, inspired by the interactions between the innate and adaptive immune systems. Its performance on a realistic process anomaly detection problem is shown to be better than standard AIS methods (negative-selection), policy-based anomaly detection methods (systrace), and an alternative innate AIS approach (the DCA). In addition, it is shown that runtime information can be used in combination with system call information to enhance detection capability.

Journal Article Type: Article
Publication Date: Jan 1, 2010
Journal: International Journal of Unconventional Computing
Print ISSN: 1548-7199
Electronic ISSN: 1548-7202
Publisher: Old City Publishing
Peer Reviewed: Peer Reviewed
Volume: 6
Issue: 3-4
APA6 Citation: Twycross, J., Aickelin, U., & Whitbrook, A. (2010). Detecting anomalous process behaviour using second generation Artificial Immune Systems. International Journal of Unconventional Computing, 6(3-4),
Keywords: Second Generation Artificial Immune Systems, Innate Immunity, Process Anomaly Detection, Intrusion Detection Systems
Publisher URL: http://www.oldcitypublishing.com/pdf/693
Copyright Statement: Copyright information regarding this work can be found at the following address: http://eprints.nottingh.../end_user_agreement.pdf

Files

twycross2010a.pdf (215 Kb)
PDF

Copyright Statement
Copyright information regarding this work can be found at the following address: http://eprints.nottingham.ac.uk/end_user_agreement.pdf




