Detecting anomalous process behaviour using second generation Artificial Immune Systems
Artificial Immune Systems have been successfully applied to a number of problem domains including fault tolerance and data mining, but have been shown to scale poorly when applied to computer intrusion detection despite the fact that the biological immune system is a very effective anomaly detector....
| Main Authors: | Twycross, Jamie; Aickelin, Uwe; Whitbrook, Amanda |
|---|---|
| Format: | Article |
| Published: | Old City Publishing, 2010 |
| Subjects: | |
| Online Access: | https://eprints.nottingham.ac.uk/34057/ |
| _version_ | 1848794764746424320 |
|---|---|
| author | Twycross, Jamie Aickelin, Uwe Whitbrook, Amanda |
| author_sort | Twycross, Jamie |
| building | Nottingham Research Data Repository |
| collection | Online Access |
| description | Artificial Immune Systems have been successfully applied to a number of problem domains including fault tolerance and data mining, but have been shown to scale poorly when applied to computer intrusion detection despite the fact that the biological immune system is a very effective anomaly detector. This may be because AIS algorithms have previously been based on the adaptive immune system and biologically-naive models. This paper focuses on describing and testing a more complex and biologically-authentic AIS model, inspired by the interactions between the innate and adaptive immune systems. Its performance on a realistic process anomaly detection problem is shown to be better than standard AIS methods (negative-selection), policy-based anomaly detection methods (systrace), and an alternative innate AIS approach (the DCA). In addition, it is shown that runtime information can be used in combination with system call information to enhance detection capability. |
| first_indexed | 2025-11-14T19:21:23Z |
| format | Article |
| id | nottingham-34057 |
| institution | University of Nottingham Malaysia Campus |
| institution_category | Local University |
| last_indexed | 2025-11-14T19:21:23Z |
| publishDate | 2010 |
| publisher | Old City Publishing |
| recordtype | eprints |
| repository_type | Digital Repository |
| spelling | nottingham-340572020-05-04T20:26:01Z https://eprints.nottingham.ac.uk/34057/ Detecting anomalous process behaviour using second generation Artificial Immune Systems Twycross, Jamie Aickelin, Uwe Whitbrook, Amanda Artificial Immune Systems have been successfully applied to a number of problem domains including fault tolerance and data mining, but have been shown to scale poorly when applied to computer intrusion detection despite the fact that the biological immune system is a very effective anomaly detector. This may be because AIS algorithms have previously been based on the adaptive immune system and biologically-naive models. This paper focuses on describing and testing a more complex and biologically-authentic AIS model, inspired by the interactions between the innate and adaptive immune systems. Its performance on a realistic process anomaly detection problem is shown to be better than standard AIS methods (negative-selection), policy-based anomaly detection methods (systrace), and an alternative innate AIS approach (the DCA). In addition, it is shown that runtime information can be used in combination with system call information to enhance detection capability. Old City Publishing 2010 Article PeerReviewed Twycross, Jamie, Aickelin, Uwe and Whitbrook, Amanda (2010) Detecting anomalous process behaviour using second generation Artificial Immune Systems. International Journal of Unconventional Computing, 6 (3-4). pp. 301-326. ISSN 1548-7202 Second Generation Artificial Immune Systems Innate Immunity Process Anomaly Detection Intrusion Detection Systems http://www.oldcitypublishing.com/pdf/693 |
| spellingShingle | Second Generation Artificial Immune Systems Innate Immunity Process Anomaly Detection Intrusion Detection Systems Twycross, Jamie Aickelin, Uwe Whitbrook, Amanda Detecting anomalous process behaviour using second generation Artificial Immune Systems |
| title | Detecting anomalous process behaviour using second generation Artificial Immune Systems |
| title_sort | detecting anomalous process behaviour using second generation artificial immune systems |
| topic | Second Generation Artificial Immune Systems Innate Immunity Process Anomaly Detection Intrusion Detection Systems |
| url | https://eprints.nottingham.ac.uk/34057/ |