“…Chen et al [28] analyzed the probabilistic aspects of the non-self-space coverage when given the conditions for detector stop generation. Li and Chen [33] used the Monte Carlo method to calculate the overlap volume of the hypersphere and proposed a nonself-covering calculation method based on confidence estimation. Fouladvand et al [31] compared the randomly generated pattern with the self-space GMM and retained the low probability random pattern as a detector.…”
Intrusion detection systems are crucial in fighting against various network attacks. By monitoring the network behavior in real time, possible attack attempts can be detected and acted upon. However, with the development of openness and flexibility of networks, artificial immunity-based network anomaly detection methods lack continuous adaptability and hence have poor detection performance. Thus, a novel framework for network anomaly detection with adaptive regulation is built in this paper. First, a heuristic dimensionality reduction algorithm based on unsupervised clustering is proposed. This algorithm uses the correlation between features to select the best subset. Then, a hybrid partitioning strategy is introduced in the negative selection algorithm (NSA), which divides the feature space into a grid based on the sample distribution density and generates specific candidate detectors in the boundary grid to effectively mitigate the holes caused by boundary diversity. Finally, the NSA is improved by self-set clustering and a novel gray wolf optimizer to achieve adaptive adjustment of the detector radius and position. The results show that the proposed NSA algorithm based on mixed hierarchical division and gray wolf optimization (MDGWO-NSA) achieves a higher detection rate, lower false alarm rate, and better generation quality than other network anomaly detection algorithms.
“…What makes the immune system a source of inspiration from an algorithmic perspective is its ability to detect, recognize, and distinguish entities own to the organism from foreign ones, together with its ability to learn new information and remember those foreign entities already recognized. Three principal theories are at the basis of the immune-inspired algorithms: (1) clonal selection (Pavone et al 2012; Scollo et al 2021); (2) negative selection (Fouladvand et al 2017; Poggiolini and Engelbrecht 2013); and (3) immune networks (Smith and Timmis 2008). Among these, what has proven to be quite efficient is the one based on the clonal selection principle (called Clonal Selection Algorithms-CSA) (Cutello et al, 2010), mostly in search and optimization applications.…”
Section: Opt-ia: An Immune Algorithm For Community Detection (mentioning)
Community detection is a prominent research topic in Complex Network Analysis, and it constitutes an important research field on all those areas where complex networks represent a powerful interpretation tool for describing and understanding systems involved in neuroscience, biology, social science, economy, and many others. A challenging approach to uncover the community structure in complex network, and then revealing the internal organization of nodes, is Modularity optimization. In this research paper, we present an immune optimization algorithm (opt-IA) developed to detect community structures, with the main aim to maximize the modularity produced by the discovered communities. In order to assess the performance of opt-IA, we compared it with an overall of 20 heuristics and metaheuristics, among which one Hyper-Heuristic method, using social and biological complex networks as data set. Unlike these algorithms, opt-IA is entirely based on a fully random search process, which in turn is combined with purely stochastic operators. According to the obtained outcomes, opt-IA shows strictly better performances than almost all heuristics and metaheuristics to which it was compared; whilst it turns out to be comparable with the Hyper-Heuristic method. Overall, it can be claimed that opt-IA, even if driven by a purely random process, proves to be reliable and with efficient performance. Furthermore, to prove the latter claim, a sensitivity analysis of the functionality was conducted, using the classic metrics NMI, ARI and NVI.
“…The negative selection algorithm generates detectors and then monitors anomalies, but has the limitation that, on large data sizes, it leads to poor results or an excessive number of detectors. The distribution estimation-based negative selection algorithm (DENSA) proposed by Fouladvand et al (2017) has been combined with the Gaussian mixture model (GMM, in Spall and Maryak, 1992) which obtains results in real time and interprets a large amount of data. The parameters of the GMM are determined according to the maximization of the likelihood, through the expectation-maximization algorithm (EM).…”
Section: Metaheuristics Machine Learning and Anomaly Detection (mentioning)
With the increase in available data from computer systems and their security threats, interest in anomaly detection has increased as well in recent years. The need to diagnose faults and cyberattacks has also focused scientific research on the automated classification of outliers in big data, as manual labeling is difficult in practice due to their huge volumes. The results obtained from data analysis can be used to generate alarms that anticipate anomalies and thus prevent system failures and attacks. Therefore, anomaly detection has the purpose of reducing maintenance costs as well as making decisions based on reports. During the last decade, the approaches proposed in the literature to classify unknown anomalies in log analysis, process analysis, and time series have been mainly based on machine learning and deep learning techniques. In this study, we provide an overview of current state-of-the-art methodologies, highlighting their advantages and disadvantages and the new challenges. In particular, we will see that there is no absolute best method, i.e., for any given dataset a different method may achieve the best result. Finally, we describe how the use of metaheuristics within machine learning algorithms makes it possible to have more robust and efficient tools.