An immunology-inspired multi-engine anomaly detection system with hybrid particle swarm optimisations

Frank Jiang, Sai Ho Ling, Kit Yan Chan, Zenon Chaczko, Hung Fat Frank Leung, Michael R. Frater

Research output: Chapter in book / Conference proceeding; Conference article published in proceeding or book; Academic research; peer-review

1 Citation (Scopus)

Abstract

In this paper, multiple detection engines with multi-layered intrusion detection mechanisms are proposed for enhancing computer security. The principle is to coordinate the results from each single-engine intrusion alert system, which seamlessly integrates with a multiple layered distributed service-oriented structure. An improved hidden Markov model (HMM) is created for the detection engine which is capable of the immunology-based self/nonself discrimination. The classifications of normal and abnormal behaviours of system calls are further examined by an advanced fuzzy-based inference process tuned by HPSOWM. Considering a real benchmark dataset from the public domain, our experimental results show that the proposed scheme can greatly shorten the training time of HMM and significantly reduce the false positive rate. The proposed HPSOWM works especially well for the efficient classification of unknown behaviors and malicious attacks.
Original language: English
Title of host publication: 2012 IEEE International Conference on Fuzzy Systems, FUZZ 2012
Publication status: Published - 23 Oct 2012
Event: 2012 IEEE International Conference on Fuzzy Systems, FUZZ 2012 - Brisbane, QLD, Australia
Duration: 10 Jun 2012 to 15 Jun 2012

Conference

Conference: 2012 IEEE International Conference on Fuzzy Systems, FUZZ 2012
Country/Territory: Australia
City: Brisbane, QLD
Period: 10/06/12 to 15/06/12

Keywords

  • Anomaly intrusion detection
  • Fuzzy logic
  • Hidden Markov model
  • Immunology
  • Multiple detection engines

ASJC Scopus subject areas

  • Theoretical Computer Science
  • Software
  • Artificial Intelligence
  • Applied Mathematics
