Table of Contents Author Guidelines Submit a Manuscript
The Scientific World Journal
Volume 2014, Article ID 156790, 11 pages
http://dx.doi.org/10.1155/2014/156790
Review Article

A Survey of Artificial Immune System Based Intrusion Detection

1College of Computer Science, Sichuan University, Chengdu 610064, China
2Computer School, China West Normal University, Nanchong 637002, China

Received 28 November 2013; Accepted 30 December 2013; Published 23 March 2014

Academic Editors: K. K. Mishra and A. K. Misra

Copyright © 2014 Hua Yang et al. This is an open access article distributed under the Creative Commons Attribution License, which permits unrestricted use, distribution, and reproduction in any medium, provided the original work is properly cited.

Linked References

  1. J. P. Anderson, Computer Security Technology Planning Study, vol. 2, James P. Anderson Company, Fort Washington, Pa, USA, 1972.
  2. J. P. Anderson, “Computer security threat monitoring and surveillance,” Tech. Rep., James P. Anderson Company, Fort Washington, Pa, USA, 1980. View at Google Scholar
  3. D. E. Denning, “An intrusion-detection model,” IEEE Transactions on Software Engineering, vol. 13, no. 2, pp. 222–232, 1987. View at Google Scholar · View at Scopus
  4. L. T. Heberlein, G. V. Dias, K. N. Levitt, B. Mukherjee, J. Wood, and D. D. Wolber, “A network security monitor,” in Proceedings of the IEEE Computer Society Symposium on Research in Security and Privacy, pp. 296–304, Oakland, Calif, USA, May 1990. View at Scopus
  5. S. Forrest, S. A. Hofmeyr, and A. Somayaji, “Computer Immunology,” Communications of the ACM, vol. 40, no. 10, pp. 88–96, 1997. View at Google Scholar · View at Scopus
  6. C. A. Janeway, P. Travers, M. Walport, and M. Shlomchik, Immunobiology: The Immune System in Health and Disease, Garland Science, New York, NY, USA, 2005.
  7. S. X. Wu and W. Banzhaf, “The use of computational intelligence in intrusion detection systems: a review,” Applied Soft Computing Journal, vol. 10, no. 1, pp. 1–35, 2010. View at Publisher · View at Google Scholar · View at Scopus
  8. M. F. A. Gadi, X. Wang, and A. P. do Lago, “Credit card fraud detection with artificial immune system,” in Artificial Immune Systems, vol. 5132 of Lecture Notes in Computer Science, pp. 119–131, Springer, Berlin, Germany, 2008. View at Publisher · View at Google Scholar
  9. L. N. de Castro and F. J. von Zuben, “Learning and optimization using the clonal selection principle,” IEEE Transactions on Evolutionary Computation, vol. 6, no. 3, pp. 239–251, 2002. View at Publisher · View at Google Scholar · View at Scopus
  10. A. Watkins, J. Timmis, and L. Boggess, “Artificial immune recognition system (AIRS): an immune-inspired supervised learning algorithm,” Genetic Programming and Evolvable Machines, vol. 5, no. 3, pp. 291–317, 2004. View at Publisher · View at Google Scholar · View at Scopus
  11. J. Timmis, A. Tyrrell, M. Mokhtar, A. Ismail, N. Owens, and R. Bi, “An artificial immune system for robot organisms,” in Symbiotic Multi-Robot Organisms: Reliability, Adaptability, Evolution, pp. 268–288, Springer, Berlin, Germany, 2010. View at Google Scholar
  12. L. N. de Castro and J. Timmis, Artificial Immune Systems: A New Computational Intelligence Approach, Springer, Berlin, Germany, 2002.
  13. J. D. Farmer, N. H. Packard, and A. S. Perelson, “The immune system, adaptation, and machine learning,” Physica D: Nonlinear Phenomena, vol. 22, no. 1–3, pp. 187–204, 1986. View at Google Scholar · View at Scopus
  14. S. Forrest, L. Allen, A. S. Perelson, and R. Cherukuri, “Self-nonself discrimination in a computer,” in Proceedings of the IEEE Computer Society Symposium on Research in Security and Privacy, pp. 202–212, Oakland, Calif, USA, May 1994. View at Scopus
  15. J. O. Kephart, “A biologically inspired immune system for computers,” in Artificial Life IV: Proceedings of the Fourth International Workshop on the Synthesis and Simulation of Living Systems, pp. 130–139, MIT Press, Cambridge, Mass, USA, 1994. View at Google Scholar
  16. L. N. de Castro and F. J. von Zuben, “The clonal selection algorithm with engineering applications,” in Proceedings of Genetic and Evolutionary Computation Conference (GECCO '00), pp. 36–39, Las Vegas, Nev, USA, July 2000.
  17. U. Aickelin, P. Bentley, S. Cayzer, J. Kim, and J. McLeod, “Danger theory: the link between AIS and IDS?” in Artificial Immune Systems, vol. 2787 of Lecture Notes in Computer Science, pp. 147–155, Springer, Berlin, Germany, 2003. View at Google Scholar
  18. U. Aickelin, J. Greensmith, and J. Twycross, “Immune system approaches to intrusion detection-a review,” in Artificial Immune Systems, vol. 3239 of Lecture Notes in Computer Science, pp. 316–329, Springer, Berlin, Germany, 2004. View at Google Scholar
  19. J. Kim, P. J. Bentley, U. Aickelin, J. Greensmith, G. Tedesco, and J. Twycross, “Immune system approaches to intrusion detection—a review,” Natural Computing, vol. 6, no. 4, pp. 413–466, 2007. View at Publisher · View at Google Scholar · View at Scopus
  20. S. A. Hofmeyr and S. Forrest, An Immunological Model of Distributed Detection and Its Application to Computer Security, The University of New Mexico, Albuquerque, NM, USA, 1999.
  21. J. Kim and P. J. Bentley, “Towards an artificial immune system for network intrusion detection: an investigation of clonal selection with a negative selection operator,” in Proceedings of the Congress on Evolutionary Computation (CEC '01), pp. 1244–1252, Seoul, Korea, May 2001. View at Scopus
  22. L. Peng, W. Chen, D. Xie, Y. Gao, and C. Liang, “Dynamically real-time anomaly detection algorithm with immune negative selection,” Applied Mathematics & Information Sciences, vol. 7, no. 3, pp. 1157–1163, 2013. View at Google Scholar
  23. P. K. Harmer, P. D. Williams, G. H. Gunsch, and G. B. Lamont, “An artificial immune system architecture for computer security applications,” IEEE Transactions on Evolutionary Computation, vol. 6, no. 3, pp. 252–280, 2002. View at Publisher · View at Google Scholar · View at Scopus
  24. J. Kim and P. J. Bentley, “Towards an artificial immune system for network intrusion detection: an investigation of clonal selection,” in Proceedings of the Congress on Evolutionary Computation (CEC '02), vol. 2, pp. 1015–1020, Honolulu, Hawaii, USA, May 2002. View at Scopus
  25. T. S. Sobh and W. M. Mostafa, “A cooperative immunological approach for detecting network anomaly,” Applied Soft Computing Journal, vol. 11, no. 1, pp. 1275–1283, 2011. View at Publisher · View at Google Scholar · View at Scopus
  26. D. Dasgupta and N. S. Majumdar, “Anomaly detection in multidimensional data using negative selection algorithm,” in Proceedings of the Congress on Evolutionary Computation (CEC '02), vol. 2, pp. 1039–1044, Honolulu, Hawaii, USA, May 2002. View at Publisher · View at Google Scholar
  27. J. Balthrop, F. Esponda, S. Forrest, and M. Glickman, “Coverage and generalization in an artificial immune system,” in Proceedings of the Genetic and Evolutionary Computation Conference (GECCO '02), pp. 3–10, July 2002.
  28. S. Forrest and S. Hofmeyr, “Immunity by design: an artificial immune system,” in Proceedings of the Genetic and Evolutionary Computation Conference (GECCO '99), pp. 1289–1296, Morgan-Kaufmann, San Francisco, Calif, USA, 1999.
  29. P. K. Harmer, “A distributed agent architecture for a computer virus immune system,” DTIC Document, 2000. View at Google Scholar
  30. F. González, D. Dasgupta, and J. Gómez, “The effect of binary matching rules in negative selection,” in Genetic and Evolutionary Computation-GECCO 2003, vol. 2723 of Lecture Notes in Computer Science, pp. 195–206, Springer, Berlin, Germany, 2003. View at Publisher · View at Google Scholar
  31. F. Gonzalez, D. Dasgupta, and R. Kozma, “Combining negative selection and classification techniques for anomaly detection,” in Proceedings of the Congress on Evolutionary Computation (CEC '02), vol. 1, pp. 705–710, Honolulu, Hawaii, USA, May 2002. View at Publisher · View at Google Scholar
  32. J. Kim and P. J. Bentley, “An evaluation of negative selection in an artificial immune system for network intrusion detection,” in Proceedings of the Genetic and Evolutionary Computation Conference (GECCO '01), pp. 1330–1337, 2001.
  33. Z. Ji, “A boundary-aware negative selection algorithm,” in Proceedings of the 9th IASTED International Conference on Artificial Intelligence and Soft Computing (ASC '05), Acta Press, Benidorm, Spain, 2005.
  34. D. Wang, F. Zhang, and L. Xi, “Evolving boundary detector for anomaly detection,” Expert Systems with Applications, vol. 38, no. 3, pp. 2412–2420, 2011. View at Publisher · View at Google Scholar · View at Scopus
  35. Z. Ji and D. Dasgupta, “Real-valued negative selection algorithm with variable-sized detectors,” in Genetic and Evolutionary Computation-GECCO 2004, vol. 3102 of Lecture Notes in Computer Science, pp. 287–298, Springer, Berlin, Germany, 2004. View at Publisher · View at Google Scholar
  36. M. Ostaszewski, F. Seredynski, and P. Bouvry, “Coevolutionary-based mechanisms for network anomaly detection,” Journal of Mathematical Modelling and Algorithms, vol. 6, no. 3, pp. 411–431, 2007. View at Publisher · View at Google Scholar · View at Scopus
  37. J. Zeng, T. Li, X. Liu, C. Liu, L. Peng, and F. Sun, “A feedback negative selection algorithm to anomaly detection,” in Proceedings of the 3rd International Conference on Natural Computation (ICNC '07), pp. 604–608, Haikou, China, August 2007. View at Publisher · View at Google Scholar · View at Scopus
  38. D. Dasgupta and F. González, “An immunity-based technique to characterize intrusions in computer networks,” IEEE Transactions on Evolutionary Computation, vol. 6, no. 3, pp. 281–291, 2002. View at Publisher · View at Google Scholar · View at Scopus
  39. F. A. Gonzalez and D. Dasgupta, “An imunogenetic technique to detect anomalies in network traffic,” in Proceedings of the Genetic and Evolutionary Computation Conference (GECCO '02), pp. 1081–1088, Morgan Kaufmann, 2002.
  40. J. M. Shapiro, G. B. Lament, and G. L. Peterson, “An evolutionary algorithm to generate hyper-ellipsoid detectors for negative selection,” in Proceedings of the Genetic and Evolutionary Computation Conference (GECCO '05), pp. 337–344, Atlanta, Ga, USA, June 2005. View at Scopus
  41. S. Balachandran, D. Dasgupta, F. Nino, and D. Garrett, “A framework for evolving multi-shaped detectors in negative selection,” in Proceedings of the IEEE Symposium on Foundations of Computational Intelligence (FOCI '07), pp. 401–408, Honolulu, Hawaii, USA, April 2007. View at Publisher · View at Google Scholar · View at Scopus
  42. Z. Ji and D. Dasgupta, “Revisiting negative selection algorithms,” Evolutionary Computation, vol. 15, no. 2, pp. 223–251, 2007. View at Publisher · View at Google Scholar · View at Scopus
  43. A. A. Freitas and J. Timmis, “Revisiting the foundations of artificial immune systems: a problem-oriented perspective,” in Artificial Immune Systems, vol. 2787 of Lecture Notes in Computer Science, pp. 229–241, Springer, Berlin, Germany, 2003. View at Google Scholar
  44. X. Hang and H. Dai, “An extended negative selection algorithm for anomaly detection,” in Advances in Knowledge Discovery and Data Mining, vol. 3056 of Lecture Notes in Computer Science, pp. 245–254, Springer, Berlin, Germany, 2004. View at Publisher · View at Google Scholar
  45. V. D. Kotov and V. I. Vasilyev, “Immune model based approach for network intrusion detection,” in Proceedings of the 3rd International Conference on Security of Information and Networks (SIN '10), pp. 233–237, Taganrog, Russia, September 2010. View at Publisher · View at Google Scholar · View at Scopus
  46. T. Stibor, P. Mohr, and J. Timmis, “Is negative selection appropriate for anomaly detection?” in Proceedings of the Genetic and Evolutionary Computation Conference (GECCO '05), pp. 321–328, Washington, DC, USA, June 2005. View at Publisher · View at Google Scholar · View at Scopus
  47. P. D'haeseleer, S. Forrest, and P. Helman, “Immunological approach to change detection: algorithms, analysis and implications,” in Proceedings of the 17th IEEE Symposium on Security and Privacy, pp. 110–119, May 1996. View at Scopus
  48. M. Ayara, J. Timmis, R. de Lemos, L. N. de Castro, and R. Duncan, “Negative selection: how to generate detectors,” in Proceedings of the 1st International Conference on Artificial Immune Systems (ICARIS '02), pp. 89–98, 2002.
  49. S. F. M. Burnet, The Clonal Selection Theory of Acquired Immunity, vol. 3, Vanderbilt University Press, Nashville, Tenn, USA, 1959.
  50. L. N. de Castro and F. J. Von Zuben, “Artificial immune systems: part I-basic theory and applications,” Tech. Rep., Universidade Estadual de Campinas, Campinas, Brazil, 1999. View at Google Scholar
  51. S. M. Garrett, “Parameter-free, adaptive clonal selection,” in Proceedings of the Congress on Evolutionary Computation (CEC '04), pp. 1052–1058, June 2004. View at Scopus
  52. S. M. Garrett, “How do we evaluate artificial immune systems?” Evolutionary Computation, vol. 13, no. 2, pp. 145–177, 2005. View at Publisher · View at Google Scholar · View at Scopus
  53. F. Liu, B. Qu, and R. Chen, “Intrusion detection based on immune clonal selection algorithms,” in AI 2004: Advances in Artificial Intelligence, vol. 3339 of Lecture Notes in Computer Science, pp. 1226–1232, Springer, Berlin, Germany, 2004. View at Publisher · View at Google Scholar
  54. W. Tang, X.-M. Yang, X. Xie, L.-M. Peng, C.-H. Youn, and Y. Cao, “Avidity-model based clonal selection algorithm for network intrusion detection,” in Proceedings of the IEEE 18th International Workshop on Quality of Service (IWQoS '10), pp. 1–5, Beijing, China, June 2010. View at Publisher · View at Google Scholar · View at Scopus
  55. D. Dasgupta, S. Yu, and F. Nino, “Recent advances in artificial immune systems: models and applications,” Applied Soft Computing Journal, vol. 11, no. 2, pp. 1574–1587, 2011. View at Publisher · View at Google Scholar · View at Scopus
  56. L. Nunes de Casto and F. J. Von Zuben, “An evolutionary immune network for data clustering,” in Proceedings of the 6th Brazilian Symposium on Neural Networks, pp. 84–89, Rio de Janeiro, Barzil, 2000. View at Publisher · View at Google Scholar
  57. J. C. Galeano, A. Veloza-Suan, and F. A. González, “A comparative analysis of artificial immune network models,” in Proceedings of the Genetic and Evolutionary Computation Conference (GECCO '05), pp. 361–368, Washington, DC, USA, June 2005. View at Publisher · View at Google Scholar · View at Scopus
  58. J. Gómez, F. González, and D. Dasgupta, “An immuno-fuzzy approach to anomaly detection,” in Proceedings of the 12th IEEE International Conference on Fuzzy Systems (FUZZ '03), pp. 1219–1224, Baton Rouge, La, USA, May 2003. View at Scopus
  59. D. Dasgupta, S. Yu, and N. S. Majumdar, “MILA-multilevel immune learning algorithm and its application to anomaly detection,” Soft Computing, vol. 9, no. 3, pp. 172–184, 2005. View at Publisher · View at Google Scholar · View at Scopus
  60. S. T. Powers and J. He, “A hybrid artificial immune system and Self Organising Map for network intrusion detection,” Information Sciences, vol. 178, no. 15, pp. 3024–3042, 2008. View at Publisher · View at Google Scholar · View at Scopus
  61. P. Matzinger, “Tolerance, danger, and the extended family,” Annual Review of Immunology, vol. 12, pp. 991–1045, 1994. View at Publisher · View at Google Scholar · View at Scopus
  62. P. Matzinger, “Essay 1: the danger model in its historical context,” Scandinavian Journal of Immunology, vol. 54, no. 1-2, pp. 4–9, 2001. View at Publisher · View at Google Scholar · View at Scopus
  63. U. Aickelin and S. Cayzer, “The danger theory and its application to artificial immune systems,” in Proceedings of the 1st Internat Conference on ARtif icial Immune Systems (ICARIS '02), pp. 141–148, Canterbury, UK, 2002.
  64. J. Greensmith and U. Aickelin, “Dendritic cells for real-time anomaly detection,” in Proceedings of the Workshop on Artificial Immune Systems and Immune System Modelling (AISB '06), pp. 7–8, Bristol, UK, April 2006. View at Scopus
  65. J. Greensmith and U. Aickelin, “Dendritic cells for SYN scan detection,” in Proceedings of the 9th Annual Genetic and Evolutionary Computation Conference (GECCO '07), pp. 49–56, London, UK, July 2007. View at Publisher · View at Google Scholar · View at Scopus
  66. J. Twycross and U. Aickelin, “An immune inspired approach to anomaly detection,” in Handbook of Research on Information Assurance and Security, charpter 10, pp. 109–121, Information Science Reference, New York, NY, USA, 2007. View at Google Scholar
  67. J. P. Twycross and U. Aickelin, Integrated innate and adaptive artificial immune systems applied to process anomaly detection [Ph.D. thesis], University of Nottingham, Nottingham, UK, 2007.
  68. F. A. González and D. Dasgupta, “Anomaly detection using real-valued negative selection,” Genetic Programming and Evolvable Machines, vol. 4, no. 4, pp. 383–403, 2003. View at Publisher · View at Google Scholar · View at Scopus
  69. J. Kim and P. J. Bentley, “Immune memory in the dynamic clonal selection algorithm,” in Proceedings of the 1st International Conference on Artificial Immune Systems (ICARIS '02), pp. 59–67, 2002.
  70. G. Y. Li and T. Guo, “Receptor editing-inspired real negative selection algorithm,” Computer Science, vol. 39, pp. 246–251, 2012. View at Google Scholar
  71. R. Hightower, S. Forrest, and A. S. Perelson, “The evolution of secondary organization in immune system gene libraries,” in Proceedings of the 2nd European Conference on Artificial Life, pp. 458–470, Brussels, Belgium, 1994.
  72. A. S. Perelson, R. Hightower, and S. Forrest, “Evolution and somatic learning in V-region genes,” Research in Immunology, vol. 147, no. 4, pp. 202–208, 1996. View at Publisher · View at Google Scholar · View at Scopus
  73. M. Oprea and S. Forrest, “How the immune system generates diversity: Pathogen space coverage with random and evolved antibody libraries,” Tech. Rep. 99-02-014, 1999. View at Google Scholar
  74. J. Kim and P. Bentley, “The artificial immune model for network intrusion detection,” in Proceedings of the 7th European Conference on Intelligent Techniques and Soft Computing (EUFIT '99), Aachen, Germany, 1999.
  75. J. Kim and P. J. Bentley, “A model of gene library evolution in the dynamic clonal selection algorithm,” in Proceedings of the 1st International Conference on Artificial Immune Systems (ICARIS '02), Canterbury, UK, 2002.
  76. J. Zeng, X. Liu, T. Li, G. Li, H. Li, and J. Zeng, “A novel intrusion detection approach learned from the change of antibody concentration in biological immune response,” Applied Intelligence, vol. 35, no. 1, pp. 41–62, 2011. View at Publisher · View at Google Scholar · View at Scopus
  77. S. Cayzer, J. Smith, J. A. R. Marshall, and T. Kovacs, “What have gene libraries done for AIS?” in Artificial Immune Systems, vol. 3627 of Lecture Notes in Computer Science, pp. 86–99, Springer, Berlin, Germany, 2005. View at Publisher · View at Google Scholar
  78. C. A. Laurentys, G. Ronacher, R. M. Palhares, and W. M. Caminhas, “Design of an artificial immune system for fault detection: a negative selection approach,” Expert Systems with Applications, vol. 37, no. 7, pp. 5507–5513, 2010. View at Publisher · View at Google Scholar · View at Scopus
  79. T. Li, “An immune based dynamic intrusion detection model,” Chinese Science Bulletin, vol. 50, no. 22, pp. 2650–2657, 2005. View at Publisher · View at Google Scholar · View at Scopus
  80. J. Yang, X. Liu, T. Li, G. Liang, and S. Liu, “Distributed agents model for intrusion detection based on AIS,” Knowledge-Based Systems, vol. 22, no. 2, pp. 115–119, 2009. View at Publisher · View at Google Scholar · View at Scopus
  81. J. Greensmith, U. Aickelin, and S. Cayzer, “Introducing dendritic cells as a novel immune-inspired algorithm for anomaly detection,” in Artificial Immune Systems, vol. 3627 of Lecture Notes in Computer Science, pp. 153–167, Springer, Berlin, Germany, 2005. View at Publisher · View at Google Scholar
  82. J. Kim, P. Bentley, C. Wallenta, M. Ahmed, and S. Hailes, “Danger is ubiquitous: detecting malicious activities in sensor networks using the dendritic cell algorithm,” in Artificial Immune Systems, vol. 3627 of Lecture Notes in Computer Science, pp. 153–167, Springer, Berlin, Germany, 2005. View at Google Scholar
  83. Z. Grossman and A. Singer, “Tuning of activation thresholds explains flexibility in the selection and development of T cells in the thymus,” Proceedings of the National Academy of Sciences of the United States of America, vol. 93, no. 25, pp. 14747–14752, 1996. View at Publisher · View at Google Scholar · View at Scopus
  84. M. Antunes and M. Correia, “TAT-NIDS: an immune-based anomaly detection architecture for network intrusion detection,” in Proceedings of the 2nd International Workshop on Practical Applications of Computational Biology and Bioinformatics (IWPACBB '08), pp. 60–67, Salamanca, Spain, 2009.
  85. P. S. Andrews and J. Timmis, “Tunable detectors for artificial immune systems: from model to algorithm,” in Bioinformatics for Immunomics, vol. 3, pp. 103–127, Springer, New York, NY, USA, 2010. View at Publisher · View at Google Scholar