Biologically Motivated Approaches for Complex Problem Solving - Proceedings of All India Seminar on Biomedical Engineering 2012 (AISOBE-2012)

Biomedical Engineering Reference

In-Depth Information

model for their application. The basic consideration is whether negative selection

is important. If so, then these points may be relevant:

• The self-/non-self boundary is blurred since self- and non-self antigens often

share common regions.

• Self changes over time. Therefore, one can expect problems with memory cells,

which later turn out to be inaccurate or even auto reactive.

• Negative selection is bound to be imperfect, and therefore auto reactions (false

positives) are inevitable.

If these points are sufficient to make a practitioner consider incorporating the

Danger Theory into their model, then the following considerations may be

instructive:

1. A danger model requires an antigen-presenting cell, which can present an

appropriate danger signal.

2. 'Danger' is an emotive term. The signal may have nothing to do with danger.

3. The appropriate danger signal can be positive (presence of signal) or negative

(absence).

4. The danger zone in biology is spatial. In AIS applications, some other measure

of proximity (for instance temporal) may be used.

5. If there is an analogue of an immune response, it should not lead to further

danger signals. In biology, killer cells cause a normal cell death, not danger.

6. Matzinger proposes priming killer cells via antigen presenting cells for greater

effect.

Depending on the immune system used (it only makes sense for spatially dis-

tributed models) this proposal may be relevant.

The Danger Theory and Anomaly Detection

In anomaly detection we watch not for a known intrusion—a signal—but rather for

abnormalities in the traffic; we assume that something abnormal is probably sus-

picious. The construction of such a detector starts by forming an opinion on what

constitutes normal for the observed subject (which can be a computer system, a

particular user etc.), and then deciding on what percentage of the activity to flag as

abnormal and how to make this particular decision (Fig. 2 ). This detection prin-

ciple flags behavior that is unlikely to originate from the normal process, without

needing actual intrusion scenarios [12].

In this section we will present indicative examples of such artificial systems,

explain their current shortcomings, and show how the Danger Theory might help

overcome some of these.

One of the first such approaches is presented by Forrest et al. [13] and extended

by Hofmeyr and Forrest [15]. This work is concerned with building an AIS that is

able to detect non-self in the area of network security where non-self is defined as

Search WWH ::

Custom Search

Home