| The roles of intrusive detection technology are to recognize the behaviors which destroying the security of computer and network systems, and to intercept and respond the intrusion before the systems are endangered. The basic function of the biological immune system is to recognize and eliminate foreign antigen, and to act as a defensive barrier. It appears that the recognition and protection mechanism of the immune system could lead to the development of novel concepts and techniques for detecting intrusions in computer networks. Negative selection is a process of the immune system, which destroys immature antibodies which are capable of recognizing self-antigens. Antibodies which survive the negative selection process are self-tolerant and are capable of recognizing almost any foreign body substance. Roughly speaking one can say that the negative selection endows the immune system with an ability to distinguish between self and non-self. In this thesis, we explore the coverage of generable detectors in the artificial immune system negative selection, which is important for the study of its application in intrusion detection system and its performance as an anomaly detection method.In Hamming shape-space, an algorithm which generates all possible r-chunk detectors is proposed and used to estimate the average number of generable detectors. We investigate the parameter dependencies of the number of self elements, the alphabet size and matching length and their effects on the number of generable detectors and holes. Results reveal that only the matching length must lie near detector length, it is feasible to generate all possible detectors and little holes. The number of generable detectors exponentially decreases to the number of self elements, whereas the number of holes exponentially increases. By the above analysis, we find out that for real-world intrusion detection problem, the Hamming negative selection approach is not applicable.The classification performance of negative selection and positive selection in low-dimensional and high-dimensional data sets is explored experimentally. Results reveal that the negative selection produced similar classification results as the positive selection for low-dimensional data sets. However it produced poor results for the high-dimensional data sets. Therefore we have shown that properties of hyperspheres in high dimensions, such as the volume tends to zero by keeping the radius fixed, nearly all uniformly randomly distributed points are close to the hypersphere surface, and it reaches the maximum volume for a certain radius, lead to the most fundamental limitations of real-valued negative selection for high-dimensional classification problems. |
PDF Full Text Request