Immunity-Based Dynamic Anomaly Detection Method

In many of actual anomaly detection systems, the training data is only partially composed by the normal elements; simultaneously, self and non-self space often vary over time, so these systems often build profiles based on some of self elements and adjust themselves to adapt network varieties. Howev...

Full description

Saved in:
Bibliographic Details
Main Authors: Sun, Feixian, Zheng, Qiusheng, Tao, Li
Format: Conference Proceeding
Language:English
Subjects:
Biology
Computational Intelligence Society
Computer science
Computer security
Computer vision
Detectors
Immune system
Space technology
Sun
Training data
Online Access:Request full text
Tags: Add Tag
No Tags, Be the first to tag this record!
Description
Summary:In many of actual anomaly detection systems, the training data is only partially composed by the normal elements; simultaneously, self and non-self space often vary over time, so these systems often build profiles based on some of self elements and adjust themselves to adapt network varieties. However, these techniques need a large number of self elements to build the profile and lack adaptability. Aiming at the problems of traditional techniques, an immunity-based dynamic method for network anomaly detection, referred to as WAD, is proposed in this paper. WAD builds an appropriate profile using only a subset of normal elements and adapts the varieties of self and non-self space, which adjust adaptively the self radius, the detection radius, and numbers of detectors to amend the built profile. The experiment results show that WAD is an efficient solution to anomaly detection, and has the features of high detection rate, low false alarm rate, self-learning, and adaptation.
ISSN:2151-7614
2151-7622
DOI:10.1109/ICBBE.2008.157