Kim, Jung Won;
(2002)
Integrating Artificial Immune Algorithms for Intrusion Detection.
Doctoral thesis (Ph.D), UCL (University College London).
![[thumbnail of Integrating artificial immune algorithms for intrusion detection.pdf]](https://discovery.ucl.ac.uk/style/images/fileicons/text.png) |
Text
Integrating artificial immune algorithms for intrusion detection.pdf Download (11MB) |
Abstract
This thesis focuses on the combination of a set of artificial immune algorithms and their application to intrusion detection. Three evolutionary algorithms are investigated, each based on a process from the human immune system. It is demonstrated that these three algorithms, negative selection, clonal selection and gene library evolution, lead to self-organisation in the artificial immune system (AIS). In addition, the attributes required for effective intrusion detection are analysed in depth. With the aim of intrusion detection in mind, novel variations of the algorithm are created and tested on different data sets, including real network traffic data. This thesis makes the following eight main contributions. 1. The components of human immune systems that are crucial to the improvement of AIS for intrusion detection are identified. 2. A systematic framework for an AIS for network intrusion detection is introduced by combining three evolutionary stages: negative selection, clonal selection and gene library maintenance. It is demonstrated that this framework can fulfil the role of a network-based intrusion detection system. 3. It is demonstrated that the negative selection algorithm employed for the thesis has a severe scaling problem when applied in a real network environment. 4. It is demonstrated that a static clonal selection algorithm with a negative selection operator achieves efficient niche maintenance and acceptable self-tolerance. 5. A dynamic clonal selection algorithm that combines three evolutionary stages allows the AIS to be adaptable to dynamically changing antigen behaviours. 6. The effect of three parameters on the behaviour of the dynamic clonal selection algorithm is analysed. These parameters are: tolerisation period, activation threshold and life span. Satisfactory TP and FP rates are obtained by setting these parameters to appropriate values. 7. The extension of the dynamic clonal selection algorithm to employ deletion of memory detectors reduces high FP rates observed when previously observed normal behaviours no longer represent normal behaviours. 8. It is demonstrated that simulation of gene library evolution using hypermutation reduces the amount of costimulation (human intervention). These contributions support the conclusion of this thesis: that an artificial immune model harnessing the three evolutionary stages demonstrates adaptability to continuously changing environments, dynamically learning the fluid patterns of 'self, and detecting new patterns of 'non-self'.
| Type: | Thesis (Doctoral) |
|---|---|
| Qualification: | Ph.D |
| Title: | Integrating Artificial Immune Algorithms for Intrusion Detection |
| Open access status: | An open access version is available from UCL Discovery |
| Language: | English |
| Additional information: | Thesis digitised by ProQuest |
| Keywords: | Applied sciences; Artificial immune algorithms |
| URI: | https://discovery.ucl.ac.uk/id/eprint/10099628 |
Archive Staff Only
 |
View Item |
