TY - JOUR
T1 - GEP-based framework for immune- inspired intrusion detection
AU - Tang, Wan
AU - Peng, Limei
AU - Yang, Ximin
AU - Xie, Xia
AU - Cao, Yang
PY - 2010/12
Y1 - 2010/12
N2 - Immune-inspired intrusion detection is a promising technology for network security, and well known for its diversity, adaptation, self-tolerance, etc. However, scalability and coverage are two major drawbacks of the immune-inspired intrusion detection systems (IIDSes). In this paper, we propose an IIDS framework, named GEP-IIDS, with improved basic system elements to address these two problems. First, an additional bio-inspired technique, gene expression programming (GEP), is introduced in detector (corresponding to detection rules) representation. In addition, inspired by the avidity model of immunology, new avidity/affinity functions taking the priority of attributes into account are given. Based on the above two improved elements, we also propose a novel immune algorithm that is capable of integrating two bio-inspired mechanisms (i.e., negative selection and positive selection) by using a balance factor. Finally, a pruning algorithm is given to reduce redundant detectors that consume footprint and detection time but do not contribute to improving performance. Our experimental results show the feasibility and effectiveness of our solution to handle the scalability and coverage problems of IIDS.
AB - Immune-inspired intrusion detection is a promising technology for network security, and well known for its diversity, adaptation, self-tolerance, etc. However, scalability and coverage are two major drawbacks of the immune-inspired intrusion detection systems (IIDSes). In this paper, we propose an IIDS framework, named GEP-IIDS, with improved basic system elements to address these two problems. First, an additional bio-inspired technique, gene expression programming (GEP), is introduced in detector (corresponding to detection rules) representation. In addition, inspired by the avidity model of immunology, new avidity/affinity functions taking the priority of attributes into account are given. Based on the above two improved elements, we also propose a novel immune algorithm that is capable of integrating two bio-inspired mechanisms (i.e., negative selection and positive selection) by using a balance factor. Finally, a pruning algorithm is given to reduce redundant detectors that consume footprint and detection time but do not contribute to improving performance. Our experimental results show the feasibility and effectiveness of our solution to handle the scalability and coverage problems of IIDS.
KW - Artificial immune system
KW - Gene expression programming
KW - Network intrusion detection
UR - http://www.scopus.com/inward/record.url?scp=78650822925&partnerID=8YFLogxK
U2 - 10.3837/tiis.2010.12.017
DO - 10.3837/tiis.2010.12.017
M3 - Article
AN - SCOPUS:78650822925
SN - 1976-7277
VL - 4
SP - 1273
EP - 1293
JO - KSII Transactions on Internet and Information Systems
JF - KSII Transactions on Internet and Information Systems
IS - 6
ER -