Immunology as a Metaphor for Computational ... - Napier University
Chapter 2. Background

system. The basic principles behind all of these models are as follows (modified from Dasgupta [Dasgupta and Forrest, 1999]):

• Define self as a multiset S of strings of length l over a finite alphabet, a collection which we wish to process or monitor.
• Generate a set R of detectors, each of which fails to match any string in S. (A partial matching rule may be applied.)
• Monitor S for changes by continually matching the detectors against S. If any detector ever matches, a change or deviation must have occurred.

This basic algorithm has been employed extensively in computer security applications. [Forrest et al., 1994] applied the analogy to computer virus detection, to host-based intrusion detection [Forrest et al., 1997a], and to making computers robust to wide-spread attacks [Forrest et al., 1997b]. [Hofmeyr and Forrest, 2000] describe a further system for protecting local area networks (LANs) from network-based attacks. The key to each of these applications clearly lies in defining 'self' in each case. For example, in Hofmeyr's work on LAN security, self is defined as a set of datapath triples defining TCP connections logged to the network. These were collected over a period of 50 days, which after filtering out noisy traffic sources such as web-servers, resulted in a set of 1.5 million datapaths.

The negative detection algorithm has also been applied by Dasgupta in [Dasgupta and Forrest, 1996, Dasgupta, 1996] to detecting anomalies in time series data. In this case, the aim is to detect temporal changes in the cutting force patterns obtained from machine tool data, and thus predict when a machine is likely to break.
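
The three steps listed above (define self, generate detectors, monitor), as an added example that is not taken from the thesis or the cited papers. It assumes a constructed self set of 8-bit strings, r-contiguous matching as the partial matching rule (agreement in r adjacent positions), and exhaustive enumeration of candidate detectors, which is only practical for short strings.

```python
from itertools import product


def matches(detector, string, r):
    """Partial match (assumed rule): agree in at least r adjacent positions."""
    run = 0
    for a, b in zip(detector, string):
        run = run + 1 if a == b else 0
        if run >= r:
            return True
    return False


def generate_detectors(self_set, length, r, alphabet="01"):
    """Step 2: keep every candidate that fails to match all strings in S."""
    detectors = []
    for chars in product(alphabet, repeat=length):
        candidate = "".join(chars)
        if not any(matches(candidate, s, r) for s in self_set):
            detectors.append(candidate)
    return detectors


def monitor(detectors, observed, r):
    """Step 3: report each observed string that any detector matches."""
    return [s for s in observed if any(matches(d, s, r) for d in detectors)]


# Constructed sample data (hypothetical, not from the cited papers).
L, R = 8, 4
SELF = ["00000000", "00001111"]  # step 1: the protected collection S
DETECTORS = generate_detectors(SELF, L, R)
# Two unchanged self strings, one self string with a single bit flipped,
# and one string unrelated to self.
OBSERVED = ["00000000", "00001111", "00001000", "10101010"]

if __name__ == "__main__":
    print(len(DETECTORS), "detectors generated")
    print("deviations:", monitor(DETECTORS, OBSERVED, R))
```
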
In this case, self is defined by first collecting raw sensory data from machines in normal operation over a moving time window and mapping this real-valued data into a binary form (essentially by normalising each analog value with respect to a defined range and discretising it into bins — each data point is assigned the integer corresponding to the bin within which it falls).

In [Hofmeyr and Forrest, 2000], Hofmeyr describes a general immune framework called ARTIS, based on the principle of negative selection, which embodies many of the characteristics of the biological immune system. In this system, a set of detectors is