In this paper, we show that a bio-inspired classifier's accuracy can be dramatically improved if it operates on intelligent features. We propose a novel set of intelligent features for the well-known problem of malware portscan detection. We compare the performance of three well-known bio-inspired classifiers operating on the proposed intelligent features: (1) Real-Valued Negative Selection (RVNS), based on the adaptive immune system; (2) the Dendritic Cell Algorithm (DCA), based on the innate immune system; and (3) the Adaptive Neuro-Fuzzy Inference System (ANFIS). To empirically evaluate the improvements provided by the intelligent features, we use a network traffic dataset collected on diverse endpoints over a period of 12 months. The endpoints' traffic is infected with well-known malware. For an unbiased performance comparison, we also include a machine learning algorithm, Support Vector Machine (SVM), and two state-of-the-art statistical malware detectors, Rate-Limiting (RL) and Maximum-Entropy (ME). To the best of our knowledge, this is the first study in which RVNS and DCA are compared not only with each other but also with several other classifiers on a comprehensive real-world dataset. The experimental results indicate that our proposed features significantly improve the TP rate and FP rate of both RVNS and DCA.