Artificial Immune Systems
The human immune system (HIS) protects the body against damage from an extremely
large number of harmful bacteria, viruses, parasites, and fungi, termed pathogens.
It does this largely without prior knowledge of the structure of these pathogens.
This property, along with the distributed, self-organized, and lightweight nature
of the mechanisms by which it achieves this protection [11], has in recent years
made it the focus of increased interest within the computer science and intrusion
detection communities. Seen from such a perspective, the HIS can be viewed as a
form of anomaly detector with very low false positive and false negative rates.
An increasing amount of work is being carried out to understand and extract the
key mechanisms through which the HIS achieves its detection and protection
capabilities. A number of artificial immune systems (AIS) have been built for a
wide range of applications including document classification, fraud detection,
and network- and host-based intrusion detection [16]. These AIS have met with some
success and in many cases have rivaled or bettered existing statistical and
machine learning (ML) techniques. Two important mechanisms dominate AIS research:
network-based models and negative selection models, although this distinction is
somewhat artificial as many hybrid models also exist. The first of these
mechanisms refers to systems which are largely based on Jerne's idiotypic network
theory [17, 18], which recognizes that interactions occur between antibodies and
other antibodies as well as between antibodies and antigens. Negative selection
models use the process of non-self matching selection, as seen with T-lymphocytes
in the thymus, as a method of generating a population of detectors. This latter
approach (along with other newer algorithms) has been, by far, the most popular
when building intrusion detection systems (IDS), as can be seen from the work.
Problem Identification in IDS
Clustering Used in IDS
Clustering is an unsupervised learning technique which aims to find structure in a
collection of unlabeled data. It is used in many fields, such as data mining and
IDS [17, 19]. Traditional methods of network intrusion detection [17, 18, 20] are
based on saved patterns of known attacks. They detect intrusions by comparing
network connection features to attack patterns that are provided by human
experts. The main drawback of traditional methods is that they cannot detect
unknown intrusions. Even if a new attack pattern is discovered, it has to be
manually added to the system. Neural networks are widely considered an efficient
approach to adaptively classifying patterns (Boger) [21], and they are also
capable of identifying new attacks that bear some degree of resemblance to the
learned ones, but their high computational intensity and long training cycles
greatly hinder their application, especially for the intrusion detection problem,
where the amount of related data is very important.