Dual representation of samples for negative selection issues
Keywords:
anomaly detection, negative selection, binary receptors, real-valued receptors, intrusion detectionAbstract
This paper presents a new dual model combining binary and real-valued representations of samples for negative selection algorithms. Recent research show that the two types of encoding can produce quite good results for some types of datasets when they are applied separately in such algorithms. Besides a number of efficient algorithms, various affinity (or similarity) functions fitted to particular implementation was investigated. Basing on a series of experiments, we propose a dual representation enabling overcome some of the existing drawbacks of these algorithms, and allowing significant speed up the classification process. This new model was designed mainly for detecting anomalies in real-time applications, were the time of classification is crucial, e.g. intrusion detection systems.
References
[2] U. Aickelin, J . Greensmith, J . Twycross. Immune system approaches to intrusion detection - a review. In: Proceedings of 3rd International Conference on Artificial Immune Systems, LNCS Vol. 3239, pp. 316-329. Springer, 2004.
[3] U. Aickelin, J. Twycross, T. Hesketh-Roberts. Rule generalisation in intrusion detection systems using SNORT. In: International Journal of Electronic Security and Digital Forensics, 1(1): 101-116, 2007.
[4] J . Balthrop, F. Esponda, S. Forrest, M. Glickman. Coverage and generalization in an artificial immune system. In: Proceedings of the Genetic and Evolutionary Computation Conference (GECCO 2002), New York, July 9- 13, 2002, pp. 3-10.
[5] K Beyer, J. Goldstein, R. Ramakrishnan, U. Shaft. When is "nearest neighbor" meaningful. LNCS Vol. 1540, pp. 217-235, Springer-Verlag, 1999.
Published
Issue
Section
License
Copyright © The Author(s).
This work is licensed under the Creative Commons Attribution 4.0 International CC BY 4.0.
