November2010
Title: Onthe appliation ofArtiialImmuneSystemsfor anomaly detetion.
Supervisors: ManuelEduardoCorreia(md.f.up.pt)andMárioAntunes(mario.antunesestg.ipleiria.pt)
CRACS-INESCLA,DepartmentofComputerSiene, FaultyofSiene,OportoUniversity
Thefuntionsof anomaly detetionandself/non-self distintionembodied bythe Vertebrate
Immune System (IS) have been a very attrative soure of inspiration for the development of
innovative Artiial Immune Systems (AIS) [5℄ applied within the ontext of anomaly dete-
tion [7℄. The two most popular immunologial theories that have been used thus far for the
deploymentofeetiveanomalydetetionAISframeworksareNegativeSeletion(NS)andDan-
gerTheory (DT)[7℄. Despite thepromisingresultsahievedthusfar, theyprovedto havesome
welldoumenteddiulties indealingwithrealworldproblems[7℄.
Morereently,otherpromisingimmunologialtheorieshavebeenappliedforthedevelopmentof
newAISanomalydetetionframeworks. OneofsuhtheoriesistheTunableAtivationThreshold
(TAT) theory, whih postulates that self tolerane and non-self disrimination is produed by
the tunable adjustment of immune ells ativation thresholds on some well known enzymati
levels[6, 4℄.
Inthe pastthree yearswehavedevelopedageneriand ontext-independentAISframework
basedonTAT[2,1, 3℄. This frameworkembodies animmunologialmetaphor betweenimmune
ells and artiial ounterparts, as well as the adopted model. We have also made extensive
eetiveness tests on several problem domains, for example by proessing data sets omprised
of real-world omputer network tra and have, for this ase, ompared the AIS performane
withoneofthemostommonly usedsignature-basedIDS;theSnort-IDS. Thepromisingresults
obtainedthusfarmotivatedusto proposethefollowingresearhativities:
1. Researhinnovativepre-proessingmethodologiesfornetworktrathatouldimproveTAT
anomaly detetionperformane.
2. Extend TAT proessing for other appliation domains where we have already made some
experimentswithTAT,likeemailspamdetetionand textlassiation.
3. FinetunetheTATadoptedmodel,namely(1)NewwaysofalulatingthesignaleahT-ell
reeivesinitsinterationswiththeenvironment(i.e. networktraoremailmessages)and
(2)exploreandevaluateseveralnewanitymetrisforthesimulator.
4. Explorenewmethodologiesfortheoptimizationofthesimulatorrun-timeparameterset.
5. DevelopTAT-AISasaplug-infortheSnort-IDSsystem.
6. Takeadvantageofmulti-orearhiteturesbyparalysingtheellsimulatorrun-timeyles.
7. Developnew strategies for the deployment of TAT embedded within an ensemble ontext
omposed by other mahine learning approahes, like for exampleSVM. Wehave already
triedthisapproahonthefreetextlassiationdomain,withverypromisingresults.
[1℄ M. Antunes and M.Correia. Selftolerane by tuning t-ell ativation: an artiial immune
systemforanomalydetetion. InSpringerLNICST,editor,Bionetis, 2010.
[2℄ M. Antunesand M.Correia. TemporalAnomaly Detetion: anArtiial ImmuneApproah
Basedon T-ell Ativation, Clonal SizeRegulationandHomeostasis. Advanes inComputa-
tional Biology- Bookseries,680:291298,2010.
[3℄ M.J. Antunes and M.E. Correia. An Artiial Immune System for Temporal Anomaly De-
tetion Using Cell Ativation Thresholds and Clonal Size Regulation with Homeostasis. In
Bioinformatis, Systems Biology and Intelligent Computing, 2009. IJCBS'09. International
Joint Confereneon, pages323326.IEEE,2009.
[4℄ J.Carneiro,T.Paixão,D.Milutinovi,J.Sousa,K.Leon,R.Gardner,andJ.Faro. Immuno-
logial self-tolerane: Lessons from mathematial modeling. Journal of Computational and
AppliedMathematis,184(1):77100,2005.
[5℄ L.N.deCastroandJ.Timmis.ArtiialImmuneSystems: ANewComputationalIntelligene
Approah. Springer,2002.
[6℄ Z.GrossmanandWEPaul. Adaptiveellularinterationsintheimmunesystem:Thetunable
ativationthresholdandthesignianeofsubthresholdresponses.ProeedingsoftheNational
Aademy ofSienes, 89(21):1036510369,1992.
[7℄ J.Kim,P.J.Bentley,U.Aikelin,J.Greensmith,G.Tedeso,andJ.Twyross.Immunesystem
approahestointrusiondetetion-areview. NaturalComputing,6(4):413466,2007.
