An improved real-valued negative selection algorithm based on the constant detector for anomaly detection

2021 ◽  
Vol 40 (5) ◽  
pp. 8793-8806
Author(s):  
Dong Li ◽  
Xin Sun ◽  
Furong Gao ◽  
Shulin Liu
Keyword(s):  
Anomaly Detection ◽  
False Alarm ◽  
State Space ◽  
False Alarm Rate ◽  
Negative Selection ◽  
Detection Rate ◽  
Detection Methods ◽  
Selection Algorithm ◽  
Negative Selection Algorithm ◽  
Synthetic Datasets

Compared with the traditional negative selection algorithms produce detectors randomly in whole state space, the boundary-fixed negative selection algorithm (FB-NSA) non-randomly produces a layer of detectors closely surrounding the self space. However, the false alarm rate of FB-NSA is higher than many anomaly detection methods. Its detection rate is very low when normal data close to the boundary of state space. This paper proposed an improved FB-NSA (IFB-NSA) to solve these problems. IFB-NSA enlarges the state space and adds auxiliary detectors in appropriate places to improve the detection rate, and uses variable-sized training samples to reduce the false alarm rate. We present experiments on synthetic datasets and the UCI Iris dataset to demonstrate the effectiveness of this approach. The results show that IFB-NSA outperforms FB-NSA and the other anomaly detection methods in most of the cases.

scholarly journals Interface Detector Based on Vaccination Strategy for Anomaly Detection

2020 ◽  
Vol 2020 ◽  
pp. 1-13
Author(s):  
Yinghui Liu ◽  
Dong Li ◽  
Yuan Wei ◽  
Hongli Zhang
Keyword(s):  
Anomaly Detection ◽  
False Alarm ◽  
False Alarm Rate ◽  
Adaptive Learning ◽  
Detection Rate ◽  
Vaccination Strategy ◽  
Negative Selection Algorithm ◽  
Training Samples ◽  
Testing Stage ◽  
And Training

Interface detector is an enhanced negative selection algorithm with online adaptive learning under small training samples for anomaly detection. It has better detection performance when it has an appropriate self-radius. Otherwise, overfitting or underfitting would occur. In the present paper, an improved interface detector, which is based on vaccination strategy, is proposed. During the testing stage, negative vaccine can overcome overfitting to improve the detection rate and positive vaccine can overcome underfitting to reduce the false alarm rate. The experimental results show that under the same dataset, self-radius, and training samples condition, the detection rate of the interface detector with negative vaccine is much higher than that of interface detector, SVM, and BP neural network. Moreover, the false alarm rate of the interface detector with positive vaccine is much lower than that of the interface detector and PSA.

Negative Selection Algorithm Based on Double Matching Rules

2011 ◽  
Vol 204-210 ◽  
pp. 42-45 ◽  
Author(s):  
Yu Hu ◽  
Bin Li
Keyword(s):  
False Alarm ◽  
False Alarm Rate ◽  
Negative Selection ◽  
Hamming Distance ◽  
Network Intrusion Detection ◽  
Selection Algorithm ◽  
Matching Rule ◽  
Negative Selection Algorithm ◽  
Network Intrusion ◽  
Matching Rules

The theory of artificial immune had been widely used in the research of network intrusion detection. Nowadays, the existing detector generating algorithms based on negative selection usually use a certain matching rule, as a result, too many detectors may generate, and the false alarm rate will become more serious. This paper proposes an improved negative selection algorithm using double matching rule: candidate detectors should be selected by the improved Hamming distance matching first, then the remaining detectors go through the segmented r-chunks(rch) matching rule. Experiments show that compared with traditional algorithms, this method brings a small number and more efficient detectors, reduces the false alarm rate and guarantees the efficiency of detectors.

Windows Malware Detection Method Based on the Path IRP

2014 ◽  
Vol 687-691 ◽  
pp. 2626-2629
Author(s):  
Fu Yong Zhang
Keyword(s):  
Operating System ◽  
Positive Selection ◽  
Negative Selection ◽  
Detection Rate ◽  
Detection Method ◽  
Malware Detection ◽  
Experimental Results ◽  
Selection Algorithm ◽  
Negative Selection Algorithm ◽  
Request Sequence

Because the IRP (I/O Request Packets) sequences of programs are not identical in different environments in the same operating system, which have a certain influence on the detection results. Through a lot of experiments, we found that the IRP request sequences of programs on the same operation path are consistent. Therefore, the new malware detection method based on the path IRP sequences is proposed. Every single IRP request sequence on the same operation path is extracted, Negative Selection Algorithm (NSA) and Positive Selection Algorithm (PSA) are used for detection. Experimental results reveal that our method outperforms the method which based on IRP sequences in detection rate.

scholarly journals Robust and Accurate Anomaly Detection in ECG Artifacts Using Time Series Motif Discovery

2015 ◽  
Vol 2015 ◽  
pp. 1-20 ◽  
Author(s):  
Haemwaan Sivaraks ◽  
Chotirat Ann Ratanamahatana
Keyword(s):  
Anomaly Detection ◽  
False Alarm ◽  
False Alarm Rate ◽  
Motif Discovery ◽  
Expert Knowledge ◽  
Academic Research ◽  
Detection Methods ◽  
Ecg Signals ◽  
Sensitivity Specificity ◽  
Ecg Artifacts

Electrocardiogram (ECG) anomaly detection is an important technique for detecting dissimilar heartbeats which helps identify abnormal ECGs before the diagnosis process. Currently available ECG anomaly detection methods, ranging from academic research to commercial ECG machines, still suffer from a high false alarm rate because these methods are not able to differentiate ECG artifacts from real ECG signal, especially, in ECG artifacts that are similar to ECG signals in terms of shape and/or frequency. The problem leads to high vigilance for physicians and misinterpretation risk for nonspecialists. Therefore, this work proposes a novel anomaly detection technique that is highly robust and accurate in the presence of ECG artifacts which can effectively reduce the false alarm rate. Expert knowledge from cardiologists and motif discovery technique is utilized in our design. In addition, every step of the algorithm conforms to the interpretation of cardiologists. Our method can be utilized to both single-lead ECGs and multilead ECGs. Our experiment results on real ECG datasets are interpreted and evaluated by cardiologists. Our proposed algorithm can mostly achieve 100% of accuracy on detection (AoD), sensitivity, specificity, and positive predictive value with 0% false alarm rate. The results demonstrate that our proposed method is highly accurate and robust to artifacts, compared with competitive anomaly detection methods.

Sign in / Sign up

Export Citation Format

Share Document