A Novel Approach for Intrusion Detection System Using Artificial Immune System - Proceedings of All India Seminar on Biomedical Engineering 2012 (AISOBE-2012)

Biomedical Engineering Reference

In-Depth Information

Begin

Repeat

• Randomly generate potential detectors and place them in a set P

• Determine the affinity of each member of P with each member of the self-set

S seen

• If at least one element in S recognizes a detector in P according to a recognition

threshold,

• then the detector is rejected, otherwise it is added to the set of available

detectors D

• until Stopping criteria has been met

end

The negative selection algorithm was designed for change detection, novelty

detection, intrusion detection, similar pattern recognition, and two-class classifi-

cation problem domains. The algorithm can be configured to balance between

detector convergence (quality of the matches) and the space complexity (number

of detectors). The lack of dependence between detectors means that detector

preparation and application is inherently parallel and suited for a distributed and

parallel implementation, respectively.

Evaluation Measures

To evaluate the system performance, the following measures (based on [ 26 ]) were

used.

True Positive Rate (TP) (also known as detection rate or completeness): the

percentage of terrorist pages receiving a rating above the threshold in the exper-

iments, terrorist pages will be obtained from the users simulating terrorists.

False Positive Rate (FP): the percentage of regular Internet access pages that

the system incorrectly determined as related to terrorist activities, i.e., the per-

centage of nonterrorist pages receiving a rating above threshold and suspected

falsely as terrorists.

Conclusion

This chapter has described the use of negative selection algorithm with niching for

network intrusion detection. After an existing negative selection algorithm was

analyzed, this chapter proposed a modified negative selection algorithm with

niching and the anticipated advantages of this modified approach for network

intrusion detection were discussed. Based on these studies, real network packet

data used for this work were introduced. Finally, this chapter outlined a number of

Search WWH ::

Custom Search

Home