[Retracted] Temporal Logic-Based Artificial Immune System for Intrusion Detection

Chen, Xiyue; Pang, Jianmin

doi:https://doi.org/10.1155/2022/4685754

Wireless Communications and Mobile Computing

On this page

Abstract Introduction Related Work Results and Discussion Conclusion Data Availability Conflicts of Interest Acknowledgments References Copyright Related Articles

Research Article Retraction

!

This article has been Retracted. To view the article details, please click the ‘Retraction’ tab above.

Special Issue

Machine Learning Enabled Signal Processing Techniques for Large Scale 5G and 5G Networks

View this Special Issue

Research Article | Open Access

Volume 2022 | Article ID 4685754 | https://doi.org/10.1155/2022/4685754

[Retracted] Temporal Logic-Based Artificial Immune System for Intrusion Detection

Xiyue Chen^1,2and Jianmin Pang²

Academic Editor: Mohammad Farukh Hashmi

Received28 Dec 2021

Accepted08 Feb 2022

Published09 Mar 2022

Abstract

Artificial immune system has made many contributions to network security areas, but there are still problems of insufficient detection range and high time cost. This paper presents a Hybrid Detector (HD) mechanism in which temporal logic antigens are proposed. The HD mechanism is constructed by using the advantage of temporal logic to describe time-varying behaviors in system. Finally, simulation experiments were carried out on KDD99 and NSL-KDD datasets. Experimental results show that the proposed method can extend the detection range and improve the detection rate. This work proves the possibility of applying temporal logic to AIS system.

1. Introduction

Intrusion Detection (ID) is an important network security technology and has achieved good results. However, there are still problems of insufficient detection range and low detection rate. Facing lots of increasingly complex attack patterns in the network, single intrusion detection technology falls short of detection ability seriously. In contrast, the human immune system generates new immune cells so that it is able to detect previously unknown and rapidly evolving harmful antigens [1].

This paper uses the intrusion detection method based on artificial immunity system. The artificial immune system realizes recognition, learning, memory, and elimination by imitating the principle of the immune system. This method has good performance in intelligent network, intelligent robot, data mining, and so on.

The semantics of common linear temporal logic formula are interpreted at points [2, 3]. The point represents a state and the relationship between points represents the temporal relationship between states. In a series of application fields including hardware circuits, this sequential relationship description ability cannot even describe the properties expressed by regular expressions. Different from point semantics-based LTL, Moszkowski proposed an interval temporal logic (ITL) based on interval semantics [4, 5]. The logic formula is interpreted and satisfied on an interval composed of discrete points with continuous positions. Therefore, compared with LTL, the former has stronger property description ability. At present, ITL logic has been applied to sequential circuit [6, 7], web service [8–10], multimedia [11], PLTL judgment algorithm and axiomatic completeness analysis [12], and other fields.

We proposed a hybrid detector mechanism based on Interval Temporal Logic (ITL) to improve the detection rate on some certain attacks and expand the detection range. The hybrid detectors are acting as antigens in the artificial immune system for intrusion detection. This hybrid detector mechanism of R-L module is constructed by using the advantage of interval temporal logic to describe time-varying behaviors in the system.

The contributions of this paper are as follows: (1)We applied ITL into artificial immune system to expand the detection range(2)The proposed AIS can gain a higher detection rate(3)Comparisons on KDD dataset and NSL-KDD dataset is performed

This paper is arranged as a brief outline of related studies and the Interval Temporal Logic is covered in Section 2; Section 3 gives details of the proposed system; Experiment and results are given in Section 4. Conclusions and future directions are provided in Section 5.

2.1. Related Work

At present, intrusion detection systems can be roughly divided into five kinds: pattern-based, rule-based, statistics-based, status-based, and heuristic [13, 14]. Pattern-based methods can detect known attacks through pattern matching [15], Petri net [16, 17], keystroke monitoring, and file system inspection [18]. Rule-based detection system can be divided into rule-based [19], data mining [20], model-based/profile-based [21], and support vector machine (SVM) [22]. The system based on statistics is divided into statistics [23, 24], distance-based [25], Bayesian [26], and game theory. State-based systems include state transition analysis [27], user intent recognition [28], Markov process model [29], and stateful protocol analysis (SPA) [30]. Heuristic technologies are divided into neural network [31], fuzzy logic [32], genetic algorithm [33], immune system [34], and swarm intelligence [35–37].

As for artificial immune system, Forrest et al. (on negative selection) and Kephart et al. [38] published their first papers on AIS in 1994, and Dasgupta conducted extensive studies on Negative Selection Algorithms. Hunt and Cooke (Hunt 1999) started the works on Immune Network models in 1995; Timmis and Neal [39] continued this work and made some improvements. De Castro and Von Zuben’s and Nicosia and Cutello’s [40, 41] work (on clonal selection) became notable in 2002.

Hofmeyr proposed LISYS system which includes the use of negative selection algorithm to generate initial detector (immature detectors) populations. In order to achieve the adaptability, many mechanisms are put forward: mature detectors, memory detectors, tolerance period, activation threshold, and life span mechanisms. While the evolutionary idea of detector population is not proposed in LISYS model, Kim proposed a complete artificial immune model of network intrusion detection, which includes three different evolutionary stages: Negative Selection Algorithm (NSA), Clonal Selection Algorithm (CSA), and gene library evolution. But the model of negative selection, unlike LISYS system, uses the NSA to filter predetector which is produced by the gene expression and gene recombination. In the field of AIS-based network intrusion detection, Kim’s contribution is to propose the evolutionary idea of detector population using clonal selection algorithm (CSA).

2.2. Temporal Logic

Temporal Logic (TL) finds application in computer science, artificial intelligence, and linguistics. First-order interval temporal logic was initially developed in 1980s for the specification and verification of hardware protocols. Interval temporal logic (ITL) is a specific form of temporal logic, originally developed by Ben Moszkowski for his thesis at Stanford University. It is useful in the formal description of hardware and software for computer-based systems.

ITL is a flexible notation for both propositional and first-order reasoning about periods of time found in descriptions of hardware and software systems. Unlike most other temporal logics, ITL can handle both sequential and parallel composition and offers powerful and extensible specification and proof techniques for reasoning about properties involving safety, liveness, and projected time [42]. Tempura provides an executable framework for developing and experimenting with suitable ITL specifications [43]. In addition, various researchers have applied Tempura to hardware simulation and other areas where timing is important.

3. Temporal Logic-Based Artificial Immune System

In the artificial immune system, any foreign object is considered an antigen. The AIS will produce antibodies to defend the antigen. When an antigen enters the body for the first time, the organism produces antibodies based on its strategy. When the antigen enters the body again, the organism immediately produces a large number of antibodies. This principle is similar to that of intrusion detection. In AIS-based intrusion detection system, abnormal behaviors are regarded as foreign objects, and AIS is used to determine whether the behavior is an attack. There are four categories of algorithms in AIS: Forrest et al. proposed negative selection algorithm in 1994. Castro and Zuben proposed clone selection algorithm. Chun [44] proposed genetic algorithm which is a combination of genetic algorithm and immune algorithm to increase chromosome diversity and dendritic cell algorithm.

Firstly, we hypothesize that AIS has no antigens nor antibodies. Unknown samples are encoded as antigens, and all the other samples in the sample set may be antibodies. The antigen was added to AIS and then one candidate antibody was added at a time. At first, the size of the antibody collection will decrease slightly (to eliminate the antibodies with low matching degree); then, new antibodies will be produced. The way new antibodies are added depends on the clonal selection algorithm. Once the number of antibodies reaches its maximum, the system repeats the process of dying weak antibodies and producing new antibodies until AIS reaches a stabilized state.

The pseudo of AIS is below:

Initialise artificial immune systems
Preprocessing antigens AG
while (AIS not Full) & (More Antibodies)
do{
Add next sample as an antibody AB
Calculate matching scores between AB and AG
while (AIS is Full) & (AIS not stable)
do{
Reduce Concentration of all AB by a fixed amount
Match each AB against AG and stimulate as necessary
}end while
}end while

Use final set of antibodies to produce recommendation.

3.1. Signature Generation Module

3.1.1. Preprocessing

The preprocessing process is as follows: Each record of the sample has 41 conditional attributes and 1 decision attribute, among which 34 attribute values are numeric types, 4 attribute values are binary variable types, and the remaining 4 attribute values are nominal types. By removing punctuation, converting nominal type to decimal, analyzing and orderly replacing nominal type, the record is turned into a regular format. For example, 3 102116216112 16699112 8170 239 486 0 0 0 0 0 1 0 0 1 0 2 0 0 0 0 0 8 8 0.00 0.00 0.00 0.00 1.00 0.00 0.00 19 19 1.00 0.00 0.05 0.00 0.00 0.00 0.00 0.00 1101221940180108.

As we can see, the range of the record values is irregular. This will produce big values and small values and may lead to the missing of important feature after signature generation. The method of normalization can solve this problem. The normalization formula is as follows: represents the initial value of the sample and represents the normalized value.

3.1.2. Signature Generation

In the signature generation component, we adopt Particle Swarm Optimization (PSO) algorithm. PSO algorithm is a swarm intelligence optimization algorithm proposed by Kennedy and Eberhart in 1995 [45]. It is a stochastic optimization algorithm based on the calculation theory of humanity. Its evolutionary retrieval process is based on fitness function rather than external information.

The algorithm steps are as follows: (1)Load training data and set initial parameters(2)Randomly generate initial group, generate random initial velocity for each particle, and set of the particle and of the group(3)Evaluate the adaptive value of each particle according to the fitness function(4)Compare each particle with the best position it has experienced, and if it is superior than , set it as the best place (5)For each particle, the adaptive value is compared with the best position experienced by the group . If it is superior than , it is the optimal location of the group and the index number of is reset(6)Update the velocity and position of the particle(7)If the number of iterations reaches the maximum, turn to 8); otherwise, turn to 3);(8)Convert the optimal location of the group into the corresponding feature subset

The optimal subsets selected from the characteristic subset are like {0,1,0,0,1,1,0,1,0……, 1,0,0,1,1,0,0,1,1,1}, 1 represents the corresponding feature that has been selected.

In this way, the AIS filters out the irrelevant and redundant features in the high-dimensional sample.

3.2. Negative Selection Algorithm

Basically, NSA can be divided into three stages: self-definition, detector generation, and nonself detection [46]. However, self-definition and detector generation are generally regarded as one stage, as shown in Figure 1. In the figure, the left side is the training stage and the right side is the detection stage. In the training stage, given a set of self-samples, the candidate detector is tested to see if it matches the self-samples. If matches, the candidate detector is deleted; otherwise, accept this candidate detector as a new detector. When the number of detectors reaches the preset value, the training stops. The generated detector is used to detect the new sample. If the new sample matches any detector, it will be judged as not me; otherwise, it will be identified as self.

The pseudo of NSA [47] is below:

Define: (i.j), (i,j), clone (i), mutation(i,j),mutation_rate(i), dynamics(i), update(i)
generate B
init L
while (Not meet the stop criterion)
do{
for(i =0; i < \|A\|; i++)
do{
for(j =0; j < \|B\|; j++)
do{
(, )
}end for
}end for
for(i =0; i < \|A\|; i++)
do{
for(j =0; j < \|B\|; j++)
do{
(,)
}end for
}end for
calculate F
= clone (B)
= mutate (, mutation_rate ())
dynamics (i)
update (i)
}end while

3.3. Clonal Selection Algorithm

The basic concept of CSA is as follows: only cells who can recognize antigens are selected and proliferated by the immune system, while those cannot be abandoned. The clone selection process is as follows: the immune cells who are selected by antigens will be cloned with large quantities. Each cloned cell expresses the same specific receptor. The higher the affinity is, the more number cloned antigens are.

The pseudo of CSA [47] is below:

Define: , , clone (i), mutation(i,j), mutation_rate(i), dynamics(i), update(i)
generate B
init L
while (Not meet the stop criterion)
do{
for(i =0; i < \|A\|; i++)
do{
for(j =0; j < \|B\|; j++)
do{
(,)
}end for
}end for
for(i =0; i < \|A\|; i++)
do{
for(j =0; j < \|B\|; j++)
do{
(,)
}end for
}end for
calculate F
= clone (B)
= mutate (, mutation_rate ())
dynamics (i)
update (i)
}end while

The procedure of antigens is shown in Figure 2.

3.4. Hybrid Detector Mechanism

The AIS system presented in this paper uses a hybrid detector module. This module combines random detector and interval temporal logic detector. The two kinds of detectors work cooperatively to ensure the detection rate and expand the detection range.

3.4.1. Random Detector (R-Detector)

Hamming distance is used in n-dimensional vector random detectors to judge the matching ability between the detector and unclassified antigen.

Let be the detector and be the radius of detectors. The coverage area is a suprasphere, where is the center and is the radius. If is defined as an unknown antigen, then the hamming distance between and is the formula: when the distance between and is less than , then unknown antigen is within the detection range. In other words, the detector recognizes the antigen. Then, the antigen counter +1 and the detector counter +1. The operation until the antigen threshold exceeds the preset value which indicates an attack. If the detector counter exceeds the preset value, the detector becomes a memory detector.

3.4.2. ITL Detector (I-Detector)

Syntax: The key notion of ITL is an interval. An interval is considered to be a (in) finite sequence of states , where each state is the union of the mapping from the set of integer variables IntVar to the set of integer values and the mapping from propositional variables PropVar to set of Boolean vales [48]. Each interval has at least one state. The length of an interval is equal to , one less than the number of states in the interval (this has always been a convention in ITL), i.e., a one state interval has length 0. The syntax of ITL is defined as follows: (i) is an integer value,(ii) is a static integer variable (does not change within an interval),(iii) is a state integer variable (can change within an interval),(iv) is a static or state integer variable,(v) is an integer function symbol,(vi) is a static propositional variable (does not change within an interval),(vii) is a state propositional variable (can change within an interval),(viii) is a predicate symbol.

Semantics: The informal semantics of the most interesting constructs are as follows:

Expressions:

Formula: _where,

: if interval is nonempty then the value of A in the next state of that interval else an arbitrary value.

: if interval is finite then the value of A in the last state of that interval else an arbitrary value unit interval (length 1).

holds if the interval can be decomposed (“chopped”) into a prefix and suffix interval, such thatholds over the prefix andover the suffix, or if the interval is infinite and holds for that interval.

holds if the interval is decomposable into a finite number of intervals such that for each of themholds, or the interval is infinite and can be decomposed into an infinite number of finite intervals for whichholds [49].

The method of describing ITL detectors is as follows: (i)Analyze the meaning of each attribute in the sample(ii)Analyze the attack principle(iii)Construct temporal logic detector based on existing work and logic formulas

ITL detector formulae: According to the method mentioned above, we firstly analyzed 41 attributes in KDD and NSL-KDD dataset. Table 1 shows the attributes’ meanings:

The second step is analyzing the attack principle. We take port scan as an example.

The principle of Port scan is as follows: When a source IP address sends an IP packet containing the TCPSYN fragment to 10 different ports at the same destination IP address at a specified interval of time (the default is 0.01 seconds), the network guard firewall determines that a port scan has been performed.

The formula of PortScan is

; is the time ordered TCP/SYN packet, and the ten record destination host fields are the same. represents the time interval of the records.

3.4.3. Hybrid Detector Mechanism

Randomly generated detectors can expand the detection rate. However, it also prolongs the execution time. R-detectors will be simplified and affected by I-detectors during GA. Then, we will get a smaller but stronger R-detector set. In this way, a hybrid detector set (HDset) is achieved. The mechanism of hybrid detectors is shown in Figure 3.

4. Results and Discussion

4.1. Experiment

We use KDD and NSL-KDD as input of the system, respectively, to test the true detection rate (TR) and the detection range. Also, comparisons between the two datasets are made. KDD99 dataset is built by Lincoln LABS. Lincoln LABS built a network environment that simulated the air force’s LAN, collected nine weeks of TCP dump network connection and system audit data, and simulated various user types, network traffic, and attack methods to make it look like a real network environment. It is the benchmark for intrusion detection. But as we know, there is too much redundant data in KDD99, and NSL-KDD can overcome this shortcoming.

The experiment in this paper is conducted on 10% of the dataset of KDD99 and NSL-KDD. The data of training set and test set are included in equal proportion.

The experimental results are below: Table 2 shows the of detectors and proposed AIS in KDD and NLS-KDD, respectively.

Table 3 gives out the TPR of KDD and NSL-KDD for each recognized attack by ITL detectors.

4.2. Results

As we can see from the results, the ITL detectors gained a higher TR, and the detection range has expanded compared with existing work [50].This paper presents a HD mechanism in which temporal logic antigens are proposed and it is constructed by using the advantage of temporal logic to describe time-varying behaviors in system. This work gives a novelty method for intrusion detection and proves the possibility of applying temporal logic to AIS system.

5. Conclusion and Future Work

A method of using ITL detectors into AIS for intrusion detection is illustrated. The logic formula is interpreted and satisfied on an interval composed of discrete points with continuous positions. Therefore, ITL has stronger property description ability. Due to the strong describing ability of ITL, the AIS proposed in this article gained a good performance in detecting attacks with a higher accuracy. Experimental results show that the proposed method can extend the detection range and reduce the time complexity. Comparisons on KDD dataset and NSL-KDD dataset are performed.

As for the future work, here is our arrangement: To further expand the detection range of ITL; search for more efficient detector mechanism; lower the time complexity; and search other novelty approaches to improve the detection performance.

Data Availability

The datasets used and/or analyzed during the current study are available from the corresponding author on reasonable request.

Conflicts of Interest

It is declared by the authors that this article is free of conflict of interest.

Acknowledgments

This work is supported by National Natural Science Foundation of China (NSFC) (No.61472447).

References

S. Forrest, A. S. Perelson, L. Allen, and R. Cherukuri, “Self-nonself discrimination in a computer,” in Proceedings of 1994 IEEE Computer Society Symposium on Research in Security and Privacy, pp. 202–212, Oakland, CA, USA, 1994.
View at: Publisher Site | Google Scholar
S. A. Hofmeyr and S. A. Forrest, “Architecture for an artificial immune system,” Evolutionary Computation, vol. 8, no. 4, pp. 443–473, 2000.
View at: Publisher Site | Google Scholar
J. E. Hunt and D. E. Cooke, “Learning using an artificial immune system,” Journal of Network and Computer Applications, vol. 19, no. 2, pp. 189–212, 1996.
View at: Publisher Site | Google Scholar
W. J. Zhu, Time Interval Sequential Logic Model Detection: Theory, Algorithm and Application, Xidian University, China, 2011.
B. Moszkowski, Reasoning about digital circuits, [Ph.D. thesis], Department of Computer Science, Stanford University, Stanford, CA, USA, 1983.
M. Hira and D. Sarkar, “Verification of tempura specification of sequential circuits,” IEEE transactions on computer-aided design of integrated circuits and systems, vol. 16, no. 4, pp. 362–375, 1997.
View at: Publisher Site | Google Scholar
A. Cau, H. Zedan, N. Coleman, and B. Moszkowski, “Using ITL and tempura for large scale specification and simulation,” in Proceedings of 4th Euromicro Workshop on Parallel and Distributed Processing, pp. 493–500, Braga, Portugal, 1996.
View at: Publisher Site | Google Scholar
M. Solanki, “Tesco S: A framework for defining temporal semantics in owl enabled services,” in Proceeding of W3C Workshop on Frameworks for Semantics in Web Services, pp. 1–6, DERI Innsbruck (Austria), 2005.
View at: Google Scholar
M. Solanki, A. Cau, and H. Zedan, “Semantically annotating reactive web services with temporal specifications,” in Proceedings of the IEEE ICWS Second International Workshop on Semantic and Dynamic Web Processes, Orlando (America), 2005.
View at: Google Scholar
H. Bowman and G. Faconti, “Analysing cognitive behaviour using LOTOS and Mexitl,” Formal Aspects of Computing, vol. 11, no. 2, pp. 132–159, 1999.
View at: Publisher Site | Google Scholar
B. Howard, C. Helen, and K. Peter, “Multimedia in executable interval temporal logic,” Formal Methods in System Design, vol. 1, pp. 5–38, 2003.
View at: Google Scholar
B. Moszkowski, “Using temporal logic to analyse temporal logic: a hierarchical approach based on intervals,” Journal of Logic and Computation, vol. 17, no. 2, pp. 333–409, 2007.
View at: Publisher Site | Google Scholar
V. Hajisalem and S. Babaie, “A hybrid intrusion detection system based on ABC-AFS algorithm for misuse and anomaly detection,” Computer Networks, vol. 136, pp. 37–50, 2018.
View at: Publisher Site | Google Scholar
H. J. Liao, C. H. Richard, Y. C. Lin, and K. Y. Tung, “Intrusion detection system: a comprehensive review,” Journal of Network and Computer Applications, vol. 36, 2013.
View at: Publisher Site | Google Scholar
N. Le Dang, D. N. Le, and V. T. Le, “A new multiple-pattern matching algorithm for the network intrusion detection system,” International Journal of Engineering and Technology, vol. 8, no. 2, pp. 94–100, 2016.
View at: Publisher Site | Google Scholar
K. M. A. Alheeti, A. Gruebler, K. D. McDonald-Maier, and A. Fernando, “Prediction of DoS attacks in external communication for self-driving vehicles using a fuzzy petri net model,” in 2016 IEEE International Conference on Consumer Electronics (ICCE), pp. 502-503, Las Vegas, NV, USA, 2016.
View at: Publisher Site | Google Scholar
S. Babaie, A. Khosrohosseini, and A. Khadem-Zadeh, “A new self-diagnosing approach based on petri nets and correlation graphs for fault management in wireless sensor networks,” Journal of Systems Architecture, vol. 59, no. 8, pp. 582–600, 2013.
View at: Publisher Site | Google Scholar
A. Murali and M. Rao, “A survey on intrusion detection approaches,” in 2005 International Conference on Information and Communication Technologies, pp. 233–240, Karachi, Pakistan, 2005.
View at: Publisher Site | Google Scholar
S. Y. Ji, B. K. Jeong, S. Choi, and D. H. Jeong, “A multi-level intrusion detection method for abnormal network behaviors,” Journal of Network and Computer Applications, vol. 62, pp. 9–17, 2016.
View at: Publisher Site | Google Scholar
S. Pan, T. Morris, and U. Adhikari, “Developing a hybrid intrusion detection system using data mining for power systems,” IEEE Transactions on Smart Grid, vol. 6, no. 6, pp. 3104–3113, 2015.
View at: Publisher Site | Google Scholar
Y. Song, M. Ben, S. Salem, and S. J. Hershkop, “System level user behavior bio- metrics using Fisher features and Gaussian mixture models,” in 2013 IEEE Security and Privacy Workshops, pp. 52–59, San Francisco, CA, USA, 2013.
View at: Publisher Site | Google Scholar
M. Gupta and S. K. Shrivastava, “Intrusion detection system based on SVM and bee colony,” International Journal of Computer Applications, vol. 111, pp. 27–32, 2015.
View at: Google Scholar
E. Kabir, J. Hu, H. Wang, and G. Zhuo, “A novel statistical technique for intrusion detection systems,” Future Generation Computer Systems, vol. 79, 2018.
View at: Publisher Site | Google Scholar
L. Boero, M. Cello, M. Marchese, E. Mariconti, T. Naqash, and S. Zappatore, “Statistical fingerprint-based intrusion detection system (SF-IDS),” International Journal of Communication, vol. 30, no. 10, pp. 25–32, 2017.
View at: Publisher Site | Google Scholar
J. Hussain and S. Lalmuanawma, “Fusion of misuse detection with anomaly detec- tion technique for novel hybrid network intrusion detection system,” Recent developments in intelligent computing, communication and devices, Springer, vol. 555, pp. 73–87, 2017.
View at: Publisher Site | Google Scholar
L. Koc, T. A. Mazzuchi, and S. Sarkani, “A network intrusion detection system based on a Hidden Naive Bayes multiclass classifier,” Expert Systems, vol. 39, no. 18, pp. 13492–13500, 2012.
View at: Publisher Site | Google Scholar
B. Subba, S. Biswas, and S. Karmakar, “Intrusion detection in mobile ad-hoc networks: Bayesian game formulation,” Engineering Science and Technology, an International Journal, vol. 19, pp. 782–799, 2016.
View at: Publisher Site | Google Scholar
S. Shamshirband, A. Patel, N. B. Anuar, M. L. M. Kiah, and A. Abraham, “Cooperative game theoretic approach using fuzzy Q-learning for detecting and preventing intrusions in wireless sensor networks,” Engineering Applications of Artificial Intelligence, vol. 32, pp. 228–241, 2014.
View at: Publisher Site | Google Scholar
H. Ren, Z. Ye, and Z. Li, “Anomaly detection based on a dynamic Markov model,” Information Sciences, vol. 411, pp. 52–65, 2017.
View at: Publisher Site | Google Scholar
M. F. Umer, M. Sher, and Y. Bi, “Flow-based intrusion detection: techniques and challenges,” Computers & Security, vol. 70, pp. 238–254, 2017.
View at: Publisher Site | Google Scholar
T. Dash, “A study on intrusion detection using neural networks trained with evolutionary algorithms,” Soft Computing, vol. 21, no. 10, pp. 2687–2700, 2017.
View at: Publisher Site | Google Scholar
A. H. Hamamoto, L. F. Carvalho, L. D. H. Sampaio, T. Abrão, and M. L. Proença, “Network anomaly detection system using genetic algorithm and fuzzy logic,” Expert Systems, vol. 92, pp. 390–402, 2018.
View at: Publisher Site | Google Scholar
M. R. G. Raman, N. Somu, K. Kirthivasan, R. Liscano, and V. S. S. Sriram, “An ecient intrusion detection system based on hypergraph - genetic algorithm for parameter optimization and feature selection in support vector machine,” Knowledge-Based Systems, vol. 134, pp. 1–12, 2017.
View at: Publisher Site | Google Scholar
M. H. Chen, P. C. Chang, and J. Wu, “A population-based incremental learning approach with artificial immune system for network intrusion detection,” Engineering Applications of Artificial Intelligence, vol. 51, pp. 171–181, 2016.
View at: Publisher Site | Google Scholar
C. Kolias, G. Kambourakis, and M. Maragoudakis, “Swarm intelligence in intrusion detection: a survey,” Computers & Security, vol. 30, pp. 625–642, 2011.
View at: Publisher Site | Google Scholar
E. Zorarpacı and S. A. Özel, “A hybrid approach of differential evolution and ar- tificial bee colony for feature selection,” Expert Systems with Applications, vol. 62, pp. 91–103, 2016.
View at: Publisher Site | Google Scholar
W. Feng, Q. Zhang, G. Hu, and J. X. Huang, “Mining network data for intrusion detec- tion through combining SVMs with ant colony networks,” Future Generation Computer Systems, vol. 37, pp. 127–140, 2014.
View at: Publisher Site | Google Scholar
J. O. Kephart, “A biologically inspired immune system for computers,” Artificial Life, vol. 4, pp. 130–139, 1994.
View at: Google Scholar
J. Hunt, J. Timmis, E. Cooke, M. Neal, and C. King, “Jisys: the development of an artificial immune system for real world applications,” Artificial Immune Systems and their Applications, Springer, pp. 157–186, 1999.
View at: Publisher Site | Google Scholar
L. N. Castro and F. J. Von Zuben, “The clonal selection algorithm with engineering applications,” in In: Proceedings of GECCO’00, Workshop on Artificial Immune Systems and Their Applications, pp. 36-37, Las Vegas, USA, 2000.
View at: Google Scholar
L. N. De Castro and F. J. Von Zuben, “Learning and optimization using the clonal selection principle,” IEEE Transactions on Evolutionary Computation, vol. 6, no. 3, pp. 239–251, 2002.
View at: Publisher Site | Google Scholar
M. Ben, “Some very compositional temporal properties,” in In: Programming Concepts, Methods and Calculi. IFIP Transactions. IFIP, pp. 307–326, San Miniato-taly, 1994.
View at: Google Scholar
C. Antonio and Z. D. Hussein, “Refining interval temporal logic specifications,” Transformation Based Reactive Systems Development, Springer, vol. 1231, pp. 79–94, 1997.
View at: Publisher Site | Google Scholar
J. S. Chun, M. K. Kim, H. K. Jung, and S. K. Hong, “Shape optimization of electromagnetic devices using immune algorithm,” IEEE Transactions on Magnetics, vol. 33, no. 2, pp. 1876–1879, 1997.
View at: Publisher Site | Google Scholar
J. Kennedy and R. C. Eberhart, “Particle swarm optimization,” in Proceedings of ICNN'95 - International Conference on Neural Networks, vol. 4, pp. 1942–1948, Perth, WA, Australia, 1995.
View at: Publisher Site | Google Scholar
D. A. Fernandes, M. M. Freire, P. A. Fazendeiro, and P. R. Inácio, “Applications of artificial immune systems to computer security: a survey,” Journal of Information Security and Applications, vol. 35, pp. 138–159, 2017.
View at: Publisher Site | Google Scholar
J. C. Galeano, S. A. Veloza, and F. A. González, “A comparative analysis of artificial immune network models,” in In: Proceedings of the genetic and evolutionary computation conference (GECCO), pp. 361–368, Washington DC, USA, 2005.
View at: Publisher Site | Google Scholar
A. Costamagna, M. Drigo, M. Martini, B. Sona, and E. Venturino, “A model for the operations to render epidemic-free a hog farm infected by the Aujeszky disease,” Applied Mathematics and Nonlinear Sciences, vol. 1, pp. 207–228, 2016.
View at: Google Scholar
M. S. Sardar, S. Zafar, and Z. Zahid, “Computing topological indices of the line graphs of banana tree graph and firecracker graph,” Applied Mathematics & Nonlinear Sciences, vol. 2, pp. 83–92, 2017.
View at: Google Scholar
Q. L. Zhou, X. Y. Chen, and W. J. Zhu, “The common network attack model based on Interval Temporal Logic,” in 2014 3rd International Conference on Informatics, Environment, Energy and Applications IPCBEE, pp. 70–75, Singapore, 2014.
View at: Publisher Site | Google Scholar

Copyright

Copyright © 2022 Xiyue Chen and Jianmin Pang. This is an open access article distributed under the Creative Commons Attribution License, which permits unrestricted use, distribution, and reproduction in any medium, provided the original work is properly cited.

PDF Download Citation

Download other formats

Order printed copies

Wireless Communications and Mobile Computing

Machine Learning Enabled Signal Processing Techniques for Large Scale 5G and 5G Networks

[Retracted] Temporal Logic-Based Artificial Immune System for Intrusion Detection

Abstract

1. Introduction

2. Related Work

2.1. Related Work

2.2. Temporal Logic

3. Temporal Logic-Based Artificial Immune System

3.1. Signature Generation Module

3.1.1. Preprocessing

3.1.2. Signature Generation

3.2. Negative Selection Algorithm

3.3. Clonal Selection Algorithm

3.4. Hybrid Detector Mechanism

3.4.1. Random Detector (R-Detector)

3.4.2. ITL Detector (I-Detector)

3.4.3. Hybrid Detector Mechanism

4. Results and Discussion

4.1. Experiment

4.2. Results

5. Conclusion and Future Work

Data Availability

Conflicts of Interest

Acknowledgments

References

Copyright