Article. DOI: 10.1145/1276958.1276966

Dendritic cells for SYN scan detection

Published: 07 July 2007

Abstract

Artificial immune systems have previously been applied to the problem of intrusion detection. The aim of this research is to develop an intrusion detection system based on the function of Dendritic Cells (DCs). DCs are antigen presenting cells and key to the activation of the human immune system, behaviour which has been abstracted to form the Dendritic Cell Algorithm (DCA). In algorithmic terms, individual DCs perform multi-sensor data fusion, asynchronously correlating the fused data signals with a secondary data stream. Aggregate output of a population of cells is analysed and forms the basis of an anomaly detection system. In this paper the DCA is applied to the detection of outgoing port scans using TCP SYN packets. Results show that detection can be achieved with the DCA, yet some false positives can be encountered when simultaneously scanning and using other network services. Suggestions are made for using adaptive signals to alleviate this uncovered problem.


    Published In

    GECCO '07: Proceedings of the 9th annual conference on Genetic and evolutionary computation
    July 2007
    2313 pages
    ISBN:9781595936974
    DOI:10.1145/1276958
    Publisher

    Association for Computing Machinery

    New York, NY, United States


    Author Tags

    1. artificial immune systems
    2. dendritic cells
    3. port scans

    Qualifiers

    • Article

    Conference

    GECCO07

    Acceptance Rates

    GECCO '07 Paper Acceptance Rate 266 of 577 submissions, 46%;
    Overall Acceptance Rate 1,669 of 4,410 submissions, 38%

    Cited By

    • (2019) A Dendritic Cell Algorithm Based Approach for Malicious TCP Port Scanning Detection. 2019 15th International Wireless Communications & Mobile Computing Conference (IWCMC), pp. 877-882. DOI: 10.1109/IWCMC.2019.8766461. Online publication date: Jun-2019
    • (2018) Cloud Co-Residency Denial of Service Threat Detection Inspired by Artificial Immune System. Proceedings of the 2018 Artificial Intelligence and Cloud Computing Conference, pp. 76-82. DOI: 10.1145/3299819.3299821. Online publication date: 21-Dec-2018
    • (2018) Survey Analysis on Immunological Approach to Intrusion Detection. 2018 International Conference on Advanced Computation and Telecommunication (ICACAT), pp. 1-11. DOI: 10.1109/ICACAT.2018.8933710. Online publication date: Dec-2018
    • (2017) The Functional Dendritic Cell Algorithm: A formal specification with Haskell. 2017 IEEE Congress on Evolutionary Computation (CEC), pp. 1787-1794. DOI: 10.1109/CEC.2017.7969518. Online publication date: Jun-2017
    • (2017) Applications of artificial immune systems to computer security. Journal of Information Security and Applications 35:C, pp. 138-159. DOI: 10.1016/j.jisa.2017.06.007. Online publication date: 1-Aug-2017
    • (2016) A survey of the dendritic cell algorithm. Knowledge and Information Systems 48:3, pp. 505-535. DOI: 10.1007/s10115-015-0891-y. Online publication date: 1-Sep-2016
    • (2016) Artificial Immune Systems. Search and Optimization by Metaheuristics, pp. 175-189. DOI: 10.1007/978-3-319-41192-7_10. Online publication date: 21-Jul-2016
    • (2015) Spam over IP telephony prevention using Dendritic Cell Algorithm. 2015 3rd International Conference on Signal Processing, Communication and Networking (ICSCN), pp. 1-7. DOI: 10.1109/ICSCN.2015.7219895. Online publication date: Mar-2015
    • (2015) The detection of P2P bots using the dendritic cells algorithm. 2015 International Conference on Estimation, Detection and Information Fusion (ICEDIF), pp. 299-302. DOI: 10.1109/ICEDIF.2015.7280211. Online publication date: Jan-2015
    • (2014) Dendritic cell algorithm for preventing spam over IP telephony. 2014 International Conference on Informatics, Electronics & Vision (ICIEV), pp. 1-6. DOI: 10.1109/ICIEV.2014.7135997. Online publication date: May-2014
