Network intrusion detection is the problem of detecting unauthorised use of, or access to, computer systems over a network. Two broad approaches exist to tackle this problem: anomaly detection and misuse detection. An anomaly detection system is trained only on examples of normal connections, and thus has the potential to detect novel attacks. However, many anomaly detection systems simply report the anomalous activity, rather than analysing it further in order to report higher-level information that is of more use to a security officer. On the other hand, misuse detection systems recognise known attack patterns, thereby allowing them to provide more detailed information about an intrusion. However, such systems cannot detect novel attacks. A hybrid system is presented in this paper with the aim of combining the advantages of both approaches. Specifically, anomalous network connections are initially detected using an artificial immune system. Connections that are flagged as anomalous are then categorised using a Kohonen Self Organising Map, allowing higher-level information, in the form of cluster membership, to be extracted. Experimental results on the KDD 1999 Cup dataset show a low false positive rate and a detection and classification rate for Denial-of-Service and User-to-Root attacks that is higher than those in a sample of other works.