Information fusion for anomaly detection with the dendritic cell algorithm

2010, Vol 11 (1), pp. 21-34
Author(s): Julie Greensmith, Uwe Aickelin, Gianni Tedesco

2021, Vol 7, pp. e749
Author(s): David Limon-Cantu, Vicente Alarcon-Aquino

Anomaly detection in computer networks is a complex task that requires the distinction of normality and anomaly. Network attack detection in information systems is a constant challenge in computer security research, as information systems provide essential services for enterprises and individuals. The consequences of these attacks could be the access, disclosure, or modification of information, as well as denial of computer services and resources. Intrusion Detection Systems (IDS) are developed as solutions to detect anomalous behavior, such as denial of service and backdoors. The proposed model was inspired by the behavior of dendritic cells and their interactions with the human immune system, known as the Dendritic Cell Algorithm (DCA), and combines the use of Multiresolution Analysis (MRA) Maximal Overlap Discrete Wavelet Transform (MODWT), as well as the segmented deterministic DCA approach (S-dDCA). The proposed approach is a binary classifier that aims to analyze a time-frequency representation of time-series data obtained from high-level network features, in order to classify data as normal or anomalous. The MODWT was used to extract the approximations of two input signal categories at different levels of decomposition, which are used as processing elements for the multiresolution DCA. The model was evaluated using the NSL-KDD, UNSW-NB15, CIC-IDS2017 and CSE-CIC-IDS2018 datasets, containing contemporary network traffic and attacks. The proposed MRA S-dDCA model achieved an accuracy of 97.37%, 99.97%, 99.56%, and 99.75% for the tested datasets, respectively. Comparisons with the DCA and state-of-the-art approaches for network anomaly detection are presented. The proposed approach was able to surpass state-of-the-art approaches with the UNSW-NB15 and CSE-CIC-IDS2018 datasets, whereas the results obtained with the NSL-KDD and CIC-IDS2017 datasets are competitive with machine learning approaches.


Algorithms, 2021, Vol 15 (1), pp. 1
Author(s): Carlos Pinto, Rui Pinto, Gil Gonçalves

The autonomous and adaptable identification of anomalies in industrial contexts, particularly in the physical processes of Cyber-Physical Production Systems (CPPS), requires using critical technologies to identify failures correctly. Most of the existing solutions in the anomaly detection research area do not consider such systems’ dynamics. Due to the complexity and multidimensionality of CPPS, a scalable, adaptable, and rapid anomaly detection system is needed, considering the new design specifications of Industry 4.0 solutions. Immune-based models, such as the Dendritic Cell Algorithm (DCA), may provide a rich source of inspiration for detecting anomalies, since the anomaly detection problem in CPPS greatly resembles the functionality of the biological dendritic cells in defending the human body from hazardous pathogens. This paper tackles DCA limitations that may compromise its usage in anomaly detection applications, such as the manual characterization of safe and danger signals, data analysis not suitable for online classification, and the lack of an object-oriented implementation of the algorithm. The proposed approach, the Cursory Dendritic Cell Algorithm (CDCA), is a novel variation of the DCA, developed to be flexible and monitor physical industrial processes continually while detecting anomalies in an online fashion. This work’s contribution is threefold. First, it provides a comprehensive review of Artificial Immune Systems (AIS), focusing on AIS applied to the anomaly detection problem. Then, a new object-oriented architecture for the DCA implementation is described, enabling the modularity and abstraction of the algorithm stages into different classes (modules). Finally, the CDCA for the anomaly detection problem is proposed. The CDCA was successfully validated in two industrial-oriented dataset benchmarks for physical anomaly and network intrusion detection, the Skoltech Anomaly Benchmark (SKAB) and M2M using OPC UA. When compared to other algorithms, the proposed approach exhibits promising classification results. It was placed fourth on the SKAB scoreboard and presented a competitive performance with the incremental Dendritic Cell Algorithm (iDCA).


2014, Vol 926-930, pp. 3034-3037
Author(s): Lian Cheng Xu, Di Xu, Guang Gang Zhou, Xiu Yan Hou

To address the problem of data quantity in anomaly detection, the traditional dendritic cell algorithm is improved by proposing an antigen data preprocessing method that introduces a suspected abnormal base. Abnormal data should be judged with high efficiency, in the shortest time possible, by double anomaly detection. First, the set of original data is preprocessed into individual antigens and matched against the suspected abnormal base to conduct the first anomaly detection. Then a double anomaly detection is conducted by the dendritic cell algorithm, and the intensity of the anomaly is judged according to the dynamic anomaly index. Experiments show that this algorithm produces better results in both time and accuracy.


2014, Vol 556-562, pp. 6255-6258
Author(s): Sai Liu, Jie Ke

Anomaly detection methods in traditional software systems cannot locate anomalies, or find the abnormal source, accurately and in a timely manner. To address this deficiency, this paper presents an improved algorithm based on the biological immune dendritic cell algorithm. The method modifies the PAMP signal in order to locate the anomaly source. It proves applicable not only to real-time detection but also to locating and processing the anomaly source, which further improves the accuracy of anomaly detection.

