JAMIE TWYCROSS JAMIE.TWYCROSS@NOTTINGHAM.AC.UK
Associate Professor
Detecting anomalous process behaviour using second generation Artificial Immune Systems
Twycross, Jamie; Aickelin, Uwe; Whitbrook, Amanda
Authors
Uwe Aickelin
Amanda Whitbrook
Abstract
Artificial Immune Systems have been successfully applied to a number of problem domains including fault tolerance and data mining, but have been shown to scale poorly when applied to computer intrusion detection despite the fact that the biological immune system is a very effective anomaly detector. This may be because AIS algorithms have previously been based on the adaptive immune system and biologically-naive models. This paper focuses on describing and testing a more complex and biologically-authentic AIS model, inspired by the interactions between the innate and adaptive immune systems. Its performance on a realistic process anomaly detection problem is shown to be better than standard AIS methods (negative-selection), policy-based anomaly detection methods (systrace), and an alternative innate AIS approach (the DCA). In addition, it is shown that runtime information can be used in combination with system call information to enhance detection capability.
Citation
Twycross, J., Aickelin, U., & Whitbrook, A. (2010). Detecting anomalous process behaviour using second generation Artificial Immune Systems. International Journal of Unconventional Computing, 6(3-4),
Journal Article Type | Article |
---|---|
Acceptance Date | Feb 10, 2010 |
Publication Date | Jan 1, 2010 |
Deposit Date | Jun 16, 2016 |
Publicly Available Date | Jun 16, 2016 |
Journal | International Journal of Unconventional Computing |
Print ISSN | 1548-7199 |
Electronic ISSN | 1548-7202 |
Publisher | Old City Publishing |
Peer Reviewed | Peer Reviewed |
Volume | 6 |
Issue | 3-4 |
Keywords | Second Generation Artificial Immune Systems, Innate Immunity, Process Anomaly Detection, Intrusion Detection Systems |
Public URL | https://nottingham-repository.worktribe.com/output/1013383 |
Publisher URL | http://www.oldcitypublishing.com/pdf/693 |
Contract Date | Jun 16, 2016 |
Files
twycross2010a.pdf
(215 Kb)
PDF
You might also like
Infobiotics workbench: a P systems based tool for systems and synthetic biology
(2013)
Book Chapter
A new accuracy measure based on bounded relative error for time series forecasting
(2017)
Journal Article
Information fusion in the immune system
(-0001)
Journal Article
An Immune Inspired Approach to Anomaly Detection
(2008)
Book Chapter
Biological Inspiration for Artificial Immune Systems
(-0001)
Presentation / Conference Contribution
Downloadable Citations
About Repository@Nottingham
Administrator e-mail: discovery-access-systems@nottingham.ac.uk
This application uses the following open-source libraries:
SheetJS Community Edition
Apache License Version 2.0 (http://www.apache.org/licenses/)
PDF.js
Apache License Version 2.0 (http://www.apache.org/licenses/)
Font Awesome
SIL OFL 1.1 (http://scripts.sil.org/OFL)
MIT License (http://opensource.org/licenses/mit-license.html)
CC BY 3.0 ( http://creativecommons.org/licenses/by/3.0/)
Powered by Worktribe © 2024
Advanced Search