Information Technology Reference
In-Depth Information
Articulation and Clarification of the Dendritic
Cell Algorithm
Julie Greensmith, Uwe Aickelin, and Jamie Twycross
CS&IT, University of Nottingham, UK, NG8 1BB
{
jqg, uxa, jpt
}
@cs.nott.ac.uk
Abstract.
The Dendritic Cell algorithm (DCA) is inspired by recent
work in innate immunity. In this paper a formal description of the DCA
is given. The DCA is described in detail, and its use as an anomaly de-
tector is illustrated within the context of computer security. A port scan
detection task is performed to substantiate the influence of signal selec-
tion on the behaviour of the algorithm. Experimental results provide a
comparison of differing input signal mappings.
Keywords:
dendritic cells, artificial immune systems, anomaly detection.
1
Introduction
Artificial immune systems (AIS) are a collection of algorithms developed from
models or abstractions of the function of the cells of the human immune system.
The first, and arguably the most obvious, application for AIS is in the protection
of computers and networks, through virus and intrusion detection[2]. In this
paper we present an AIS approach to intrusion detection based on the Danger
Theory, through the development of an algorithm based on the behaviour of
Dendritic Cells
(DCs). DCs have the power to suppress or activate the immune
system through the correlation of signals from an environment, combined with
location markers in the form of antigen. A DCs function is to instruct the immune
system to act when the body is under attack, policing the tissue for potential
sources of damage. DCs are natural anomaly detectors, the sentinel cells of the
immune system, and therefore the development of a DC based algorithm was
only a matter of time. The Dendritic Cell Algorithm (DCA) was introduced in
2005 and has demonstrated potential as a classifier for a static machine learning
data set[4] and anomaly detector for real-time port scan detection[5]. The DCA
differs from other AIS algorithm for the following reasons:
-
multiple signals are combined and are a representation of environment or
context information
-
signals are combined with antigen in a temporal and distributed manner
-
pattern matching is not used to perform detection, unlike negative
selection[6]
-
cells of the innate immune system are used as inspiration, not the adaptive
immune cells and unlike clonal selection, no dynamic learning is attempted
