Abstract

The Dendritic Cell Algorithm is an immune-inspired algorithm originally based on the function of natural dendritic cells. The original instantiation of the algorithm is highly stochastic. While the performance of the algorithm is good when applied to large real-time datasets, it is difficult to analyse due to the number of random-based elements. In this paper a deterministic version of the algorithm is proposed, implemented and tested using a port scan dataset to provide a controllable system. This version consists of a controllable number of parameters, which are experimented with in this paper. In addition, the effects of the use of time windows and of variation in the number of cells are examined, both of which are shown to influence the algorithm. Finally, a novel metric for the assessment of the algorithm's output is introduced and proves to be a more sensitive metric than the metric used with the original Dendritic Cell Algorithm.

Highlights

  • Artificial Immune Systems (AISs) have developed significantly over the past five years, instigated by the creation of novel algorithms termed ‘2nd Generation AISs’

  • The use of various probabilistic elements was in part an artifact of the use of Twycross' libtissue framework for the initial algorithm development. While this framework is useful for the rapid development of such AISs, one of the drawbacks for the Dendritic Cell Algorithm (DCA) is the sheer number of interacting entities

  • Within the applications of the DCA in security so far, the signals are always updated after the antigens are generated, indicating one reason why the DCA functions in the manner shown previously. These results suggest that the deterministic DCA (dDCA) has the potential to be error tolerant to at least a five second lag in signal data, which is a desirable property for any behaviour-based anomaly detection approach, as this reflects the situation often seen in real-world intrusion data


Summary

Introduction

Artificial Immune Systems (AISs) have developed significantly over the past five years, instigated by the creation of novel algorithms termed ‘2nd Generation AISs’. These AISs initially rely on interdisciplinary collaboration to use current research in immunology to produce algorithms which are both true to the underlying metaphor used as inspiration and perform well upon their resultant application domain. All versions of the DCA to date have used a relatively large number of parameters and stochastic elements, such as random selection of cells and variable thresholds. Setting these parameters to the appropriate values has always been somewhat arbitrary, and has left the algorithm open to various criticisms. Initial tests are performed using the dDCA. This involves re-visiting a past dataset, namely the ping scan data used in Greensmith et al. [7], with one randomly selected set used to test the algorithm. For more information on the necessity of these signals for port scan detection and on the mechanisms involved in port scanning, please refer to [3].
