Title: The dual negative selection algorithm and its application for network anomaly detection

Authors: Xufei Zheng; Yanhui Zhou; Yonghui Fang

Addresses: Faculty of Computer and Information Science, Southwest University, China ' Faculty of Computer and Information Science, Southwest University, China ' Faculty of Electronic and Information Engineering, Southwest University, China

Abstract: Negative selection algorithm (NSA) is an important artificial immune detectors generation method for network anomaly detection. In this paper, we put forward the dual negative selection algorithm (DNSA) which includes two negative selection processes. In the first negative selection process, every randomly generated candidate detector tolerates with mature detector set and becomes semi-mature detector when not matches with any existing mature detectors. In the second negative selection process, the semi-mature detector tolerates with self set and becomes mature detector when not matches with any self element. The DNSA avoids the unnecessary and time-consuming self-tolerance process of candidate detector within the coverage of existing mature detectors, thus greatly reduces detector set size, and significantly improves detector generation efficiency. Theoretical analysis and simulations show that the DNSA effectively improves detector generation efficiency, and more suitable for network anomaly detection than traditional NSAs.

Keywords: artificial immune system; AIS; negative selection algorithm; NSA; variable-sized detector; dual negative selection algorithm; DNSA; network anomaly detection.

DOI: 10.1504/IJICT.2017.085464

International Journal of Information and Communication Technology, 2017 Vol.11 No.1, pp.94 - 118

Received: 04 Oct 2014
Accepted: 28 Oct 2014
Published online: 28 Jul 2017 *

Full-text access for editors Full-text access for subscribers Purchase this article Comment on this article