Use this URL to cite or link to this record in EThOS:
Title: Integrating artificial immune algorithms for intrusion detection
Author: Kim, Jung Won
ISNI:       0000 0001 3599 3661
Awarding Body: University of London
Current Institution: University College London (University of London)
Date of Award: 2002
Availability of Full Text:
Access from EThOS:
Full text unavailable from EThOS. Please try the link below.
Access from Institution:
This thesis focuses on the combination of a set of artificial immune algorithms and their application to intrusion detection. Three evolutionary algorithms are investigated, each based on a process from the human immune system. It is demonstrated that these three algorithms, negative selection, clonal selection and gene library evolution, lead to self-organisation in the artificial immune system (AIS). In addition, the attributes required for effective intrusion detection are analysed in depth. With the aim of intrusion detection in mind, novel variations of the algorithm are created and tested on different data sets, including real network traffic data. This thesis makes the following eight main contributions. 1. The components of human immune systems that are crucial to the improvement of AIS for intrusion detection are identified. 2. A systematic framework for an AIS for network intrusion detection is introduced by combining three evolutionary stages: negative selection, clonal selection and gene library maintenance. It is demonstrated that this framework can fulfil the role of a network-based intrusion detection system. 3. It is demonstrated that the negative selection algorithm employed for the thesis has a severe scaling problem when applied in a real network environment. 4. It is demonstrated that a static clonal selection algorithm with a negative selection operator achieves efficient niche maintenance and acceptable self-tolerance. 5. A dynamic clonal selection algorithm that combines three evolutionary stages allows the AIS to be adaptable to dynamically changing antigen behaviours. 6. The effect of three parameters on the behaviour of the dynamic clonal selection algorithm is analysed. These parameters are: tolerisation period, activation threshold and life span. Satisfactory TP and FP rates are obtained by setting these parameters to appropriate values. 7. The extension of the dynamic clonal selection algorithm to employ deletion of memory detectors reduces high FP rates observed when previously observed normal behaviours no longer represent normal behaviours. 8. It is demonstrated that simulation of gene library evolution using hypermutation reduces the amount of costimulation (human intervention). These contributions support the conclusion of this thesis: that an artificial immune model harnessing the three evolutionary stages demonstrates adaptability to continuously changing environments, dynamically learning the fluid patterns of 'self, and detecting new patterns of 'non-self'.
Supervisor: Not available Sponsor: Not available
Qualification Name: Thesis (Ph.D.) Qualification Level: Doctoral
EThOS ID:  DOI: Not available