TY - GEN
T1 - Avidity-model based clonal selection algorithm for network intrusion detection
AU - Tang, Wan
AU - Yang, Xi Min
AU - Xie, Xia
AU - Peng, Li Mei
AU - Youn, Chan Hyun
AU - Cao, Yang
PY - 2010
Y1 - 2010
N2 - To make an immune-inspired network intrusion detection system (IDS) effective, this paper proposes a new framework, which includes our avidity-model based clonal selection (AMCS) algorithm as core element. The AMCS algorithm uses an improved representation for antigens (corresponding to network access patterns) and detectors (corresponding to detection rules). In particular, a bio-inspired technique called gene expression programming (GEP) is integrated with artificial immune system (AIS) in detector representation. In addition, inspired by the avidity model of immunology, this paper also defines new avidity/affinity functions (corresponding to the metric for quantify the interactions between detector and antigens) that take the priorities of attribute into account. Accordingly, the proposed algorithm integrates both negative selection and positive selection with a balance factor k to assign appropriate weights to self and non-self avidity. The well known KDD CUP'99 DATA set is used for performance evaluation. The results show that the intrusion detection based on AMCS provides a higher detection rate of DoS attack, a lower false alarm rate, and a lower detectors generation cost. Our results indicate that breaking the bottleneck of immune-inspired network IDS through adjusting basic elements is feasible and effective.
AB - To make an immune-inspired network intrusion detection system (IDS) effective, this paper proposes a new framework, which includes our avidity-model based clonal selection (AMCS) algorithm as core element. The AMCS algorithm uses an improved representation for antigens (corresponding to network access patterns) and detectors (corresponding to detection rules). In particular, a bio-inspired technique called gene expression programming (GEP) is integrated with artificial immune system (AIS) in detector representation. In addition, inspired by the avidity model of immunology, this paper also defines new avidity/affinity functions (corresponding to the metric for quantify the interactions between detector and antigens) that take the priorities of attribute into account. Accordingly, the proposed algorithm integrates both negative selection and positive selection with a balance factor k to assign appropriate weights to self and non-self avidity. The well known KDD CUP'99 DATA set is used for performance evaluation. The results show that the intrusion detection based on AMCS provides a higher detection rate of DoS attack, a lower false alarm rate, and a lower detectors generation cost. Our results indicate that breaking the bottleneck of immune-inspired network IDS through adjusting basic elements is feasible and effective.
KW - Artificial immune system
KW - Avidity model
KW - Clonal selection
KW - Gene expression programming
KW - Network intrusion detection
UR - http://www.scopus.com/inward/record.url?scp=77956588400&partnerID=8YFLogxK
U2 - 10.1109/IWQoS.2010.5542731
DO - 10.1109/IWQoS.2010.5542731
M3 - Conference contribution
AN - SCOPUS:77956588400
SN - 9781424459889
T3 - IEEE International Workshop on Quality of Service, IWQoS
BT - 2010 IEEE 18th International Workshop on Quality of Service, IWQoS 2010
T2 - 2010 IEEE 18th International Workshop on Quality of Service, IWQoS 2010
Y2 - 16 June 2010 through 18 June 2010
ER -