Botnet is a network and internet risk. It is necessary to detect botnet by analyzing and monitoring in order to quickly prevent them. Most approaches are proposed to detect bots using processing and preprocessing on a...
详细信息
Botnet is a network and internet risk. It is necessary to detect botnet by analyzing and monitoring in order to quickly prevent them. Most approaches are proposed to detect bots using processing and preprocessing on a large number of incoming information from network packets, structures, etc. The recent growth of Internet and network environments has caused a significant growth in botnet attack. Accordingly, the traditional approaches are not good for botnet detection. This paper presents a new approach for the detection of botnet within networks. The proposed detection model is used to compare four attacks, the IRC, HTTP, DNS and P2P, which are used by botnet. Additionally, this model evaluates the accuracy of botnet detection. We use network nerves and correlation and also NSA (negative selection algorithm) which is based on the artificial immune system to identify botnet and compare our results with random forest, K-neighbors, SVM, Gaussian NB, CNN, LSTM algorithms. Our method (CNN-LSTM) presents shorter training time and higher accuracy. In this experiment, we use ISOT and ISCX botnet dataset which are labeled as traffic data. In addition, we investigate various types of botnet attacks and the final evaluation is presented.
The negative selection algorithm(NSA)is an adaptive technique inspired by how the biological immune system discriminates the self from *** asserts itself as one of the most important algorithms of the artificial immun...
详细信息
The negative selection algorithm(NSA)is an adaptive technique inspired by how the biological immune system discriminates the self from *** asserts itself as one of the most important algorithms of the artificial immune system.A key element of the NSA is its great dependency on the random detectors in monitoring for any ***,these detectors have limited *** detectors are generated,leading to difficulties for detectors to effectively occupy the non-self *** alleviate this problem,we propose the nature-inspired metaheuristic cuckoo search(CS),a stochastic global search algorithm,which improves the random generation of detectors in the *** characteristics such as mutation,crossover,and selection operators make the CS attain global *** the use of Lévy flight and a distance measure,efficient detectors are *** results show that integrating CS into the negative selection algorithm elevated the detection performance of the NSA,with an average increase of 3.52%detection rate on the tested *** proposed method shows superiority over other models,and detection rates of 98%and 99.29%on Fisher’s IRIS and Breast Cancer datasets,***,the generation of highest detection rates and lowest false alarm rates can be achieved.
Path testing is one of the areas covered in structural testing. In this process, it is a key challenge to search for a set of test data in the whole search space to satisfy path coverage. Thus, finding an efficient me...
详细信息
Path testing is one of the areas covered in structural testing. In this process, it is a key challenge to search for a set of test data in the whole search space to satisfy path coverage. Thus, finding an efficient method for generating test data automatically is a key issue in software testing. This paper proposed a method based on negative selection algorithm (NSA) for generating test data to satisfy the path coverage criterion. The results show that NSA could reduce the number of test data generated and improve the coverage percentage, as well as enhance the efficiency of the test data generation process. To evaluate the performance of the method, results from the proposed method were compared with random testing and a previous work that used Genetic algorithm and Ant Colony Optimization. The results demonstrate that NSA outperforms other methods in reducing the number of test data that cover all program paths even the difficult ones. (C) 2016 Elsevier B.V. All rights reserved.
Compared with the traditional negative selection algorithms produce detectors randomly in whole state space, the boundary-fixed negative selection algorithm (FB-NSA) non-randomly produces a layer of detectors closely ...
详细信息
Compared with the traditional negative selection algorithms produce detectors randomly in whole state space, the boundary-fixed negative selection algorithm (FB-NSA) non-randomly produces a layer of detectors closely surrounding the self space. However, the false alarm rate of FB-NSA is higher than many anomaly detection methods. Its detection rate is very low when normal data close to the boundary of state space. This paper proposed an improved FB-NSA (IFB-NSA) to solve these problems. IFB-NSA enlarges the state space and adds auxiliary detectors in appropriate places to improve the detection rate, and uses variable-sized training samples to reduce the false alarm rate. We present experiments on synthetic datasets and the UCI Iris dataset to demonstrate the effectiveness of this approach. The results show that IFB-NSA outperforms FB-NSA and the other anomaly detection methods in most of the cases.
negative selection algorithm is the core algorithm of artificial immune system. It only uses the self for training and generates detectors to detect abnormalities. Holes are feature space areas that the detector fails...
详细信息
negative selection algorithm is the core algorithm of artificial immune system. It only uses the self for training and generates detectors to detect abnormalities. Holes are feature space areas that the detector fails to cover, it is the root cause of the performance degradation of the negative selection algorithm. The conventional method generates a large number of detectors randomly to repair the holes, which is time-consuming and not effective. To alleviate the problem, we propose a V-Detector-KN algorithm in this paper. V-Detector is the abbreviation of the real-valued negative selection algorithm with Variable-sized Detectors, KN represents Known Nonself. The V-Detector-KN algorithm uses the known nonself as the candidate detector to further generate the detector based on the V-Detector randomly generated detector, so as to realize the repair of holes. Compared with the conventional method to randomly generate detectors to repair holes, our proposed V-Detector-KN method uses known nonself to repair holes, reducing the randomness and blindness of hole repair. Theoretical analysis shows that the detection rate of our algorithm is not lower than that of the conventional V-Detector algorithm. The results of experiment comparing with other 6 algorithms on 7 UCI data sets show the superiority of our proposed algorithm.
The adaptive nature of unsolicited email by the use of huge mailing tools prompts the need for spam detection. Implementation of different spam detection methods based on machine learning techniques was proposed to so...
详细信息
The adaptive nature of unsolicited email by the use of huge mailing tools prompts the need for spam detection. Implementation of different spam detection methods based on machine learning techniques was proposed to solve the problem of numerous email spam ravaging the system. Previous algorithm used in email spam detection compares each email message with spam and non-spam data before generating detectors while our proposed system inspired by the artificial immune system model with the adaptive nature of negative selection algorithm uses special features to generate detectors to cover the spam space. To cope with the trend of email spam, a novel model that improves the random generation of a detector in negative selection algorithm (NSA) with the use of stochastic distribution to model the data point using particle swarm optimization (PSO) was implemented. Local outlier factor is introduced as the fitness function to determine the local best (Pbest) of the candidate detector that gives the optimum solution. Distance measure is employed to enhance the distinctiveness between the non-spam and spam candidate detector. The detector generation process was terminated when the expected spam coverage is reached. The theoretical analysis and the experimental result show that the detection rate of NSA-PSO is higher than the standard negative selection algorithm. Accuracy for 2000 generated detectors with threshold value of 0.4 was compared. negative selection algorithm is 68.86% and the proposed hybrid negative selection algorithm with particle swarm optimization is 91.22%. (C) 2014 Elsevier B.V. All rights reserved.
negative selection algorithm (NSA) is one of the major algorithms developed within artificial immune system (AIS) and can be used for network security, fault detection, especially, anomaly detection. NSA generates the...
详细信息
negative selection algorithm (NSA) is one of the major algorithms developed within artificial immune system (AIS) and can be used for network security, fault detection, especially, anomaly detection. NSA generates the detectors based on the self space. Due to the drawbacks of the current representation of the self space in NSAs, the generated detectors cannot enough cover the non-self space and at the same time, cover some of the self space. In this paper, an extension of real-valued negative selection algorithm with the variable-sized self radius and bi-directional matching rule are introduced. Using the variable-sized self radius and bi-directional matching rule, we can construct an appropriate profile of the system, and then based on the constructed profile of the system we produce the more quality detectors to cover the non-self space;at the same time, using the variable-sized self radius and bi-directional matching rule, we can decrease the number of detectors and cover enough the non-self space. In our experiments, this approach is tested using the well-known real world datasets;preliminary results show that the new approach improves the overall performance of detectors and without increase in complexity.
negative selection algorithm (NSA) is an important method for generating detectors in artificial immune systems. Traditional NSAs randomly generate detectors in the whole feature space. However, with increasing dimens...
详细信息
negative selection algorithm (NSA) is an important method for generating detectors in artificial immune systems. Traditional NSAs randomly generate detectors in the whole feature space. However, with increasing dimensions, data samples aggregate in some specific subspaces, not uniformly distributed in the whole space. The detectors randomly generated by traditional NSAs cannot exactly fall into these specific subspaces, which results in a low coverage of detectors and a poor performance in a high-dimensional space. To overcome this defect, an improved real NSA based on subspace density seeking (SDS-RNSA) is proposed in this paper. In an SDS-RNSA, a subspace density seeking algorithm is adopted to procure the dense subspace regions of samples. Then, detectors are generated in each subspace region to cover up nonself-region efficiently and improve the performance of the algorithm. During the process of detector generation, the redundancy of candidate detectors is calculated, and the redundant is eliminated to minimize the time expense of the algorithm. Experimental results demonstrate that, compared with the classic NSAs, the SDS-RNSA can significantly improve the detection rate with an approximative false alarm rate and a smaller time expense. At the best case, the detection rate of the SDS-RNSA is increased by 14.7%, while the time expense is decreased by 78.1%.
Inspired by the self/nonself discrimination theory of the natural immune system, the negative selection algorithm (NSA) is an emerging computational intelligence method. Generally, detectors in the original NSA are fi...
详细信息
Inspired by the self/nonself discrimination theory of the natural immune system, the negative selection algorithm (NSA) is an emerging computational intelligence method. Generally, detectors in the original NSA are first generated in a random manner. However, those detectors matching the self samples are eliminated thereafter. The remaining detectors can therefore be employed to detect any anomaly. Unfortunately, conventional NSA detectors are not adaptive for dealing with time-varying circumstances. In the present paper, a novel neural networks-based NSA is proposed. The principle and structure of this NSA are discussed, and its training algorithm is derived. Taking advantage of efficient neural networks training, it has the distinguishing capability of adaptation, which is well suited for handling dynamical problems. A fault diagnosis scheme using the new NSA is also introduced. Two illustrative simulation examples of anomaly detection in chaotic time series and inner raceway fault diagnosis of motor bearings demonstrate the efficiency of the proposed neural networks-based NSA.
The negative selection algorithm (NSA) is one of models in artificial immune systems. Traditional NSAs do not perform any differentiation for training self dataset and only use the mechanism of negativeselection. The...
详细信息
The negative selection algorithm (NSA) is one of models in artificial immune systems. Traditional NSAs do not perform any differentiation for training self dataset and only use the mechanism of negativeselection. They will generate excessive invalid detectors and have poor detection performance when the training selves contain noisy data. Inspired by immune suppression mechanism, an outlier robust NSA is proposed. The new algorithm will divide the training selves into internal selves, boundary selves and outlier selves. At the same time, the information hiding in different kind of selves is fully utilized. Furthermore, by combining negativeselection mechanism with positive selection mechanism, the new algorithm can cover the non-self region more effectively. The experiment results show that no matter the training self data is clean or not, the new algorithm can obtain better detection performance with fewer detectors.
暂无评论