An immunology-inspired multi-engine anomaly detection system with hybrid particle swarm optimisations

Frank Jiang; Sai Ho Ling; Kit Yan Chan; Zenon Chaczko; Hung Fat Frank Leung; Michael R. Frater

doi:10.1109/FUZZ-IEEE.2012.6251241

An immunology-inspired multi-engine anomaly detection system with hybrid particle swarm optimisations

Frank Jiang, Sai Ho Ling, Kit Yan Chan, Zenon Chaczko, Hung Fat Frank Leung, Michael R. Frater

The Hong Kong Polytechnic University

Research output: Chapter in book / Conference proceeding › Conference article published in proceeding or book › Academic research › peer-review

1 Citation (Scopus)

Abstract

In this paper, multiple detection engines with multi-layered intrusion detection mechanisms are proposed for enhancing computer security. The principle is to coordinate the results from each single-engine intrusion alert system, which seamlessly integrates with a multiple layered distributed service-oriented structure. An improved hidden Markov model (HMM) is created for the detection engine which is capable of the immunology-based self/nonself discrimination. The classifications of normal and abnormal behaviours of system calls are further examined by an advanced fuzzy-based inference process tuned by HPSOWM. Considering a real benchmark dataset from the public domain, our experimental results show that the proposed scheme can greatly shorten the training time of HMM and significantly reduce the false positive rate. The proposed HPSOWM works especially well for the efficient classification of unknown behaviors and malicious attacks.

Original language	English
Title of host publication	2012 IEEE International Conference on Fuzzy Systems, FUZZ 2012
DOIs	https://doi.org/10.1109/FUZZ-IEEE.2012.6251241
Publication status	Published - 23 Oct 2012
Event	2012 IEEE International Conference on Fuzzy Systems, FUZZ 2012 - Brisbane, QLD, Australia Duration: 10 Jun 2012 → 15 Jun 2012

Conference

Conference	2012 IEEE International Conference on Fuzzy Systems, FUZZ 2012
Country/Territory	Australia
City	Brisbane, QLD
Period	10/06/12 → 15/06/12

Keywords

Anomaly intrusion detection
Fuzzy logic
Hidden Markov model
Immunology
Multiple detection engines

ASJC Scopus subject areas

Theoretical Computer Science
Software
Artificial Intelligence
Applied Mathematics

More information

10.1109/FUZZ-IEEE.2012.6251241

Cite this

@inproceedings{fdaf602eff024af6ae3a6a0c34a5efbe,

title = "An immunology-inspired multi-engine anomaly detection system with hybrid particle swarm optimisations",

abstract = "In this paper, multiple detection engines with multi-layered intrusion detection mechanisms are proposed for enhancing computer security. The principle is to coordinate the results from each single-engine intrusion alert system, which seamlessly integrates with a multiple layered distributed service-oriented structure. An improved hidden Markov model (HMM) is created for the detection engine which is capable of the immunology-based self/nonself discrimination. The classifications of normal and abnormal behaviours of system calls are further examined by an advanced fuzzy-based inference process tuned by HPSOWM. Considering a real benchmark dataset from the public domain, our experimental results show that the proposed scheme can greatly shorten the training time of HMM and significantly reduce the false positive rate. The proposed HPSOWM works especially well for the efficient classification of unknown behaviors and malicious attacks.",

keywords = "Anomaly intrusion detection, Fuzzy logic, Hidden Markov model, Immunology, Multiple detection engines",

author = "Frank Jiang and Ling, {Sai Ho} and Chan, {Kit Yan} and Zenon Chaczko and Leung, {Hung Fat Frank} and Frater, {Michael R.}",

year = "2012",

month = oct,

day = "23",

doi = "10.1109/FUZZ-IEEE.2012.6251241",

language = "English",

isbn = "9781467315067",

booktitle = "2012 IEEE International Conference on Fuzzy Systems, FUZZ 2012",

note = "2012 IEEE International Conference on Fuzzy Systems, FUZZ 2012 ; Conference date: 10-06-2012 Through 15-06-2012",

}

Jiang, F, Ling, SH, Chan, KY, Chaczko, Z, Leung, HFF & Frater, MR 2012, An immunology-inspired multi-engine anomaly detection system with hybrid particle swarm optimisations. in 2012 IEEE International Conference on Fuzzy Systems, FUZZ 2012., 6251241, 2012 IEEE International Conference on Fuzzy Systems, FUZZ 2012, Brisbane, QLD, Australia, 10/06/12. https://doi.org/10.1109/FUZZ-IEEE.2012.6251241

An immunology-inspired multi-engine anomaly detection system with hybrid particle swarm optimisations. / Jiang, Frank; Ling, Sai Ho; Chan, Kit Yan et al.
2012 IEEE International Conference on Fuzzy Systems, FUZZ 2012. 2012. 6251241.

Research output: Chapter in book / Conference proceeding › Conference article published in proceeding or book › Academic research › peer-review

TY - GEN

T1 - An immunology-inspired multi-engine anomaly detection system with hybrid particle swarm optimisations

AU - Jiang, Frank

AU - Ling, Sai Ho

AU - Chan, Kit Yan

AU - Chaczko, Zenon

AU - Leung, Hung Fat Frank

AU - Frater, Michael R.

PY - 2012/10/23

Y1 - 2012/10/23

N2 - In this paper, multiple detection engines with multi-layered intrusion detection mechanisms are proposed for enhancing computer security. The principle is to coordinate the results from each single-engine intrusion alert system, which seamlessly integrates with a multiple layered distributed service-oriented structure. An improved hidden Markov model (HMM) is created for the detection engine which is capable of the immunology-based self/nonself discrimination. The classifications of normal and abnormal behaviours of system calls are further examined by an advanced fuzzy-based inference process tuned by HPSOWM. Considering a real benchmark dataset from the public domain, our experimental results show that the proposed scheme can greatly shorten the training time of HMM and significantly reduce the false positive rate. The proposed HPSOWM works especially well for the efficient classification of unknown behaviors and malicious attacks.

AB - In this paper, multiple detection engines with multi-layered intrusion detection mechanisms are proposed for enhancing computer security. The principle is to coordinate the results from each single-engine intrusion alert system, which seamlessly integrates with a multiple layered distributed service-oriented structure. An improved hidden Markov model (HMM) is created for the detection engine which is capable of the immunology-based self/nonself discrimination. The classifications of normal and abnormal behaviours of system calls are further examined by an advanced fuzzy-based inference process tuned by HPSOWM. Considering a real benchmark dataset from the public domain, our experimental results show that the proposed scheme can greatly shorten the training time of HMM and significantly reduce the false positive rate. The proposed HPSOWM works especially well for the efficient classification of unknown behaviors and malicious attacks.

KW - Anomaly intrusion detection

KW - Fuzzy logic

KW - Hidden Markov model

KW - Immunology

KW - Multiple detection engines

UR - http://www.scopus.com/inward/record.url?scp=84867618999&partnerID=8YFLogxK

U2 - 10.1109/FUZZ-IEEE.2012.6251241

DO - 10.1109/FUZZ-IEEE.2012.6251241

M3 - Conference article published in proceeding or book

SN - 9781467315067

BT - 2012 IEEE International Conference on Fuzzy Systems, FUZZ 2012

T2 - 2012 IEEE International Conference on Fuzzy Systems, FUZZ 2012

Y2 - 10 June 2012 through 15 June 2012

ER -

An immunology-inspired multi-engine anomaly detection system with hybrid particle swarm optimisations

Abstract

Conference

Keywords

ASJC Scopus subject areas

More information

Other files and links

Fingerprint

Cite this