* Your assessment is very important for improving the workof artificial intelligence, which forms the content of this project
Download Advances in Artificial Immune Systems During
Survey
Document related concepts
Vaccination wikipedia , lookup
Adoptive cell transfer wikipedia , lookup
Immunocontraception wikipedia , lookup
Herd immunity wikipedia , lookup
Complement system wikipedia , lookup
DNA vaccination wikipedia , lookup
Autoimmunity wikipedia , lookup
Molecular mimicry wikipedia , lookup
Sociality and disease transmission wikipedia , lookup
Adaptive immune system wikipedia , lookup
Immune system wikipedia , lookup
Polyclonal B cell response wikipedia , lookup
Cancer immunotherapy wikipedia , lookup
Social immunity wikipedia , lookup
Immunosuppressive drug wikipedia , lookup
Innate immune system wikipedia , lookup
Transcript
Dipankar Dasgupta University of Memphis, USA Advances in Artificial Immune Systems © DIGITALVISION 40 uring the last decade, the field of Artificial Immune System (AIS) is progressing slowly and steadily as a branch of Computational Intelligence (CI) as shown in Figure 1.There has been increasing interest in the development of computational models inspired by several immunological principles. In particular, some are building models mimicking the mechanisms in the biological immune system (BIS) to better understand its natural processes and simulate its dynamical behavior in the presence of antigens/pathogens. Most of the AIS models, however, emphasize designing artifacts–computational algorithms, techniques using simplified models of various immunological processes and functionalities. Like other biologically-inspired techniques, such as artificial neural networks, genetic algorithms, and cellular automata, AISs also try to extract ideas from the BIS in order to develop computational tools for solving science and engineering problems. Although still relatively young, the Artificial Immune System (AIS) is emerging as an active and attractive field involving models, techniques and applications of greater diversity. D IEEE COMPUTATIONAL INTELLIGENCE MAGAZINE | NOVEMBER 2006 1556-603X/06/$20.00©2006IEEE I. Immune System Metaphors response, which has recognition functions and thus binds to foreign antigens. But they have no meaning if they only bind to antigens, as antibodies do not kill anything. By binding to antigens, however, antibody molecules activate the serum complement that can bind to the appropriate region of antibody molecules and initiate the classic pathway of complement activation. Finally, a pore-forming molecule-membrane attacking complex (MAC) is formed through complement activation, which punches holes in the cell surface of the foreign antigen and destroys the foreign antigen. In the biological immune system, signal diffusion and dialogue are two kinds of communication schemes available. They take a major role in sharing and passing information during immune response. In immune diffusion, the message is passed from one immuno-component to others without any feedback. Another scheme is called immune dialogue, where the immune system continuously exchanges molecular signals with its counterparts. Immune sensitivity is determined by context, where self and foreign agents play upon each other. The body is under constant challenge to respond along a continuum of behavior and needs to adapt accordingly. Signaling is important in biological defense as it allows a cell to move a signal from the outside to the inside, and signaling results in changes to the cell, allowing it to appropriately respond to a stimulus. From an information-processing perspective, the immune system is a remarkable parallel and distributed adaptive system with (partial) decentralized control mechanism. It uses feature extraction, signaling, learning, memory, and associative retrieval to solve recognition and classification tasks. In particular, it learns to recognize relevant patterns, remember patterns that have been seen previously, and use combinatorics to construct pattern detectors efficiently. Also, the overall behavior of the system is an emergent property of many local interactions. These remarkable information-processing abilities of the immune system provide several important aspects in the field of computation. The biological immune system is a complex adaptive system that has evolved in vertebrates to protect them from invading pathogens. To accomplish its tasks, the immune system has evolved sophisticated pattern recognition and response mechanisms following various differential pathways, i.e. depending on the type of enemy, the way it enters the body and the damage it causes, the immune system uses various response mechanisms either to destroy the invader or to neutralize its effects. In medical science, historically, the term immunity refers to the condition in which an organism can resist disease, more specifically infectious disease. However, a broader definition of immunity is a reaction to foreign (or dangerous) substances. Cells and molecules responsible for immunity constitute the biological immune system, and the collective coordinated response of such cells and molecules in the presence of pathogens is known as the immune response. The biological immune system can be envisioned as a multilayer protection system, where each layer provides different types of defense mechanisms for detection, recognition and responses. Thus, three main layers include the anatomic barrier, innate immunity (nonspecific) and adaptive (specific) immunity. Innate (non-specific) immunity and adaptive (specific) immunity are inter-linked and influence each other [28]. Once adaptive immunity recognizes the presence of an invader, it triggers two types of responses humoral immunity and cell-mediated (cellular) immunity, which act in a sequential fashion. Innate immunity is directed against any pathogen. If an invading pathogen escapes the innate defenses, then the body can launch an adaptive or specific response against a particular type of foreign agent. Figure 2 presents an abstract outline of some immunological components and their functional relationships from computational perspectives. This illustration focuses on some BIS terminologies that are used to design artificial immune systems. The antibodies are generated in the humoral immune Computational Intelligence Biology-Inspired Methods ... ... Neural Networks Evolutionary Computation Negative Selection Algorithms ... ... Artificial Immune System (AIS) Immune Network Clonal Selection ... ... Other Models Danger Theory FIGURE 1 Artificial Immune System (AIS) as a branch of Computational Intelligence (CI). NOVEMBER 2006 | IEEE COMPUTATIONAL INTELLIGENCE MAGAZINE 41 Antigen Exogenous Antigen Endogenous Antigen Target Cell Antigen Processing and Presentation Macrophages Phagocytosis Antigen Presenting Cell Antigen Processing and Presentation Monokines T Helper Cell Recognition and Activation T Killer Cell Endogenous Antigen Killing Cytokines B Cell Antigen Processing and Presentation Opsonization Complement Exogenous Antigen Killing Plasma Cell Antibody Secretion FIGURE 2 Shows different functional elements of the Biological Immune System (BIS) and their relationship. II. Artificial Immune Systems Artificial Immune Systems (AIS) emerged in the 1990s as a new branch in Computational Intelligence (CI).A number of AIS models exist, and they are used in pattern recognition, fault detection, computer security, and a variety of other applications researchers are exploring in the field of science and engineering [32], [49], [52]. Although the AIS research has been gaining its momentum, the changes in the fundamental methodologies have not been dramatic. Among various mechanisms in the biological immune system that are explored as AISs, negative selection, immune network model and clonal selection are still the most discussed models [4], [13], [30]. A. Immune Network Models The immune Network theory had been proposed in the mid-seventies [29]. The hypothesis was that the immune system maintains an idiotypic network of interconnected B cells for antigen recognition. These cells both stimulate and suppress each other in certain ways that lead to the stabilization of the network. Two B cells are connected if the affinities they share exceed a certain threshold, and the strength of the connection is directly proportional to the affinity they share. 42 IEEE COMPUTATIONAL INTELLIGENCE MAGAZINE | NOVEMBER 2006 In artificial immune network (AIN) models, a B-cell population is made of two sub-populations: the initial population and the cloned population. The initial set is generated from a subset of raw training data to create the B-cell network. The remainders are used as antigen training items. Antigens are then selected randomly from the training set and presented to the areas of the B-cell network. If the binding is successful, then the B-cell is cloned and mutated [24]. The mutation yields a diverse set of antibodies that can be used in the classification procedure.Once a new B cell is created, an attempt is made to integrate it into the network at the closest B Cells. If the new B cell cannot be integrated, it is removed from the population. If no bind is successful, then a B-cell is generated using the antigen as a template and is then incorporated into the network. An updated version, called AINE [32] uses artificial recognition ball (ARB) to represent a number of similar B-cells (not a single B-cell). This resembles the idea of recognition ball in immunology, which refers to the region in the shape space of antigen that an antibody can recognize. It represents a single ndimensional data item that could be matched by Euclidean distance to an antigen or another ARB. A link between two B-cells is created if the affinity (distance) between two ARBs is below a network affinity threshold (NAT). The results show that the combination of normalizing the stimulation levels of ARBs in the network and the resource allocation mechanism leads to the biasing of AINE toward the strongest pattern in the data set to emerge [33]. B. Clonal Selection Principle The Clonal Selection Principle describes the basic features of an immune response to an antigenic stimulus. It establishes the idea that only those cells that recognize the antigen proliferate, thus being selected against those that do not. The main features of the Clonal Selection Theory are that: ❏ The new cells are copies of their parents (clone) subjected to a mutation mechanism with high rates (somatic hypermutation); ❏ Elimination of newly differentiated lymphocytes carrying self-reactive receptors; ❏ Proliferation and differentiation on contact of mature cells with antigens. The algorithm (CLONALG) is based on the clonal selection and affinity maturation principles [13]. It is similar to mutation-based evolutionary algorithms and has several interesting features: 1) population size dynamically adjustable, 2) exploitation and exploration of the search space, 3) location of multiple optima, 4) capability of maintaining local optima solutions, and 5) defined stopping criterion [12], [13]. A model combining the ideas of aiNet and AINE was also proposed [35]. This work emphasizes its self-organizing ability, i.e. the use of minimal number of control parameters. C. Negative Selection Algorithms One of the purposes of the immune system is to recognize all cells (or molecules) within the body and categorize those cells as self or non-self. The non-self cells are further categorized in order to induce an appropriate type of defensive mechanism. The immune system learns through evolution to distinguish between foreign antigens (e.g., bacteria, viruses, etc.) and the body’s own cells or molecules. The purpose of negative selection is to provide tolerance for self cells. It deals with the immune system’s ability to detect unknown antigens while not reacting to the self cells. During the generation of T-cells, receptors are made through a pseudo-random genetic rearrangement process. Then, they undergo a censoring process in the thymus, called the negative selection. There, Tcells that react against self-proteins are destroyed; thus, only those that do not bind to self-proteins are allowed to leave the thymus. These matured T-cells then circulate throughout the body to perform immunological functions and protect the body against foreign antigens. The negative selection algorithm Forrest et al. [30], is one of the computational models of self/nonself discrimination, first designed as a change detection method. It is one of the earliest AIS algorithms that were applied in various real-world applications. Since it was first conceived, it has attracted many AIS researchers and practitioners and has gone through some phenomenal evolution. In spite of evolution and diversification of this method, the main characteristics of a negative selection algorithm described by Forrest et al. [30] still persist. Figures 3 (a) and (b), similar to the original conception, describe the major steps in such an algorithm. In generation stage, the detectors are generated by some random process and censored by trying to match self samples. Those candidates that match are eliminated and the rest are kept as detectors. In the detection stage, the collection of detectors (or detector set) is used to check whether an incoming data instance is self or non-self. If it matches any detector, then it is claimed as non-self or anomaly. This description is limited to some extent, but conveys the essential idea. Like any other Computational Intelligence technique, different negative selection algorithms are characterized by particular representation schemes, matching rules and detector generation processes: ❏ Data and detector representation • Binary (or string) representation • Real-valued representation; detectors as hypersphere, or hyper-rectangle • Hybrid representation ❏ Generate/elimination mechanism • Random generation + censoring • Genetic algorithm • Greedy algorithm or other deterministic algorithm Detector Set Self Samples Random Candidate No Match? Yes Add to Detector Set Discard Data Item to Be Checked No Match? Yes Normal (Self) Abnormal (Nonself) FIGURE 3 The basic concept of the Negative Selection (NS) Algorithm. NOVEMBER 2006 | IEEE COMPUTATIONAL INTELLIGENCE MAGAZINE 43 ❏ Matching rule ❏ Algorithm of generating detectors • rcb (r-contiguous bits), r-chunk, Hamming distance and variations (like R&T distance), edit distance • statistical correlation, landscape matching • Euclidean distance-based for real-valued representation Two important aspects of a negative selection algorithm are: 1) The target concept of the algorithm is the complement of a self set. 2) The goal is to discriminate between self and non-self patterns, but only samples from one class are available (oneclass learning). The performance of each NS algorithm differs based on a number of factors, such as ❏ Number of detectors • Affecting the efficiency of generation and detection ❏ Detector coverage • Affecting the accuracy of detection • Linked to efficiency and quality of detector set ❏ Applicable scenario • Large amount of self (normal) samples • Rare or no abnormal samples ❏ another possible usage: “negative database” ❏ When it is not appropriate; for example, the number of self samples is small and sparse. Some limitations of the (binary) string representation in NS algorithms are ❏ Binary matching rules are not able to capture the semantics of some complex self/non-self spaces. ❏ It is not easy to extract meaningful domain knowledge. ❏ In some cases, a large number of detectors are needed to guarantee better coverage (detection rate). ❏ It is difficult to integrate the NS algorithm with other immune algorithms. ❏ Crisp boundary of self and non-self may be hard to define. TABLE 1 A timeline of recent AIS developments. REFERENCE MODEL OR TECHNIQUE DESCRIPTION ASPECTS OF THE BIS MODELED HUNT ET AL., 1999 [24] A MACHINE-LEARNING SYSTEM (JISYS) BASED ON IMMUNE NETWORKS AG-AB BINDING. IMMUNE NETWORK. DASGUPTA, 1999 [7] AN ARCHITECTURE FOR AN AGENTBASED INTRUSION/ANOMALY DETECTION AND RESPONSE SYSTEM COMBINES IMMUNE SYSTEM IDEAS AND GENETIC ALGORITHMS TO INTERPRET CHEMICAL SPECTRA A MULTI-AGENT COMPUTATIONAL IMMUNE SYSTEM (CDIS) FOR INTRUSION DETECTION DISTRIBUTED CONTROL. SELF/NON-SELF DISCRIMINATION. AG-AB BINDING. SELF/NON-SELF DISCRIMINATION. AG-AB BINDING. A FORMAL MODEL OF THE IMMUNE SYSTEM. A RESOURCE LIMITED ARTIFICIAL IMMUNE SYSTEM RAINE FOR DATA ANALYSIS THAT EXTENDS THE WORK OF COOKE AND HUNT [8]. A SYSTEM BASED ON CLONAL SELECTION AND AFFINITY MATURATION (CLONALG). AN IMMUNE NETWORK LEARNING ALGORITHM (AINET). DASGUPTA, 1999 [8] WILLIAMS, 1999 [9] TARAKANOV, 2000 [10] TIMMIS, 2000 [11] DE CASTRO, 2000 [12] DE CASTRO, 2001 [13] HOFMEYR [25] AN ARCHITECTURE FOR AN ARTIFICIAL IMMUNE SYSTEM (LISYS). BRADLEY, 2000 [1] A MACHINE FAULT TOLERANCE MECHANISM BASED ON IMMUNE SYSTEM IDEAS (IMMUNOTRONICS). A SIMULATED ANNEALING ALGORITHM BASED ON THE IMMUNE SYSTEMS (SAND) APPLIED TO NEURAL NETWORK INITIALIZATION. ARCHITECTURE TO BUILD CHIPS THAT IMPLEMENT THE IMMUNE SYSTEM MODEL. DE CASTRO, 2001 [2] TARAKANOV [3] TYPE OF REPRESENTATION USED APPLICATIONS MIXED NUMERICAL, CATEGORICAL AND STRING DATA. JAVA OBJECTS (APPLETS) FRAUD DETECTION. LEARNING. BINARY STRINGS CHEMICAL SPECTRUM RECOGNITION. SELF/NON-SELF DISCRIMINATION. STRINGS FROM A FINITE ALPHABET. COMPUTER SECURITY AG-AB BINDING. REAL-VALUED VECTORS. BIS MODELING. AG-AB BINDING, IMMUNE NETWORK. REAL-VALUED VECTORS. DATA ANALYSIS, CLUSTERING. AG-AB BINDING. CLONAL SELECTION. AFFINITY MATURATION. AG-AB BINDING, CLONAL SELECTION, AFFINITY MATURATION, IMMUNE NETWORK. AG-AB BINDING. SELF/NON-SELF DISCRIMINATION, AFFINITY MATURATION. SELF/NON-SELF DISCRIMINATION. BINARY AND INTEGER STRINGS. PATTERN MATCHING, OPTIMIZATION. REAL-VALUED VECTORS. DATA ANALYSIS, CLUSTERING. BINARY STRINGS. COMPUTER SECURITY. BINARY STRINGS. HARDWARE FAULT DETECTION AND TOLERANCE. INITIALIZATION OF FEED-FORWARD NEURAL NETWORK WEIGHTS. PATTERN MATCHING. AG-AB BINDING, IMMUNE DIVERSITY. REAL-VALUED VECTORS. AG-AB BINDING, IMMUNE NETWORK. REAL-VALUED VECTORS (INTERNALLY REPRESENTED AS BITS). COMPUTER SECURITY (CONTINUES) 44 IEEE COMPUTATIONAL INTELLIGENCE MAGAZINE | NOVEMBER 2006 In real-valued representation, the detectors are represented by hyper-shapes in n-dimensional space. The algorithms use geometrical spaces and use heuristics to distribute detectors in the non-self space. Some limitations of the real-valued representation in NS algorithms are ❏ The issue of holes in some geometrical shapes, and may need multi-shaped detectors ❏ Curse of dimensionality ❏ The estimation of coverage ❏ The selection of distance measure In recent years, there has been an interesting debate among immunologists about the classical self/non-self distinction and the importance of detection and recognition processes [40], [41]. An issue that has been addressed is that autoimmunity is a normal finding in healthy individuals. A main problem with self and non-self discrimination is the determination of the frontier between self and non-self. In Danger Theory, the immune response is determined by the presence or absence of alarm signals; some danger signals such as tissue damage trigger a myriad of immune reactions and responses, and APCs are activated by endogenous cellular alarm signals from distressed or injured cells. Table 1 shows a chronological list of some AIS models and techniques that are found in the literature. The tables include a short description of each model or technique, use of specific immunological mechanisms, type of representations, and the intended applications. III. AIS Applications Artificial Immune Systems (AIS) are being used in many applications such as anomaly detection [37], [59], pattern recognition [36], data mining [38], computer security [6], [7], [25], [63], [65], adaptive control [39] and fault detection [1], [60]. Two applications of AIS are considered as representative and illustrate how artificial immune systems are used in the solution of real-world problems. TABLE 1 (Continued)... REFERENCE NASRAOUI, 2002 [27] HART, 2002 [4] COELLO, 2002 [5] KIM, 2002 [6] NASRAOUI, 2002, 2003 [14] ,[25] TYPE OF REPRESENTATION USED MODEL OR TECHNIQUE DESCRIPTION ASPECTS OF THE BIS MODELED AN IMMUNE NETWORK BASED ALGORITHM THAT USES FUZZY THEORY TO MODEL THE AG-AB MATCHING. A SYSTEM TO CLUSTER NON-STATIONARY DATA (SOSDM) THAT COMBINES IDEAS FROM BIS AND SPARSE DISTRIBUTED MEMORIES. AN APPROACH TO HANDLE CONSTRAINTS IN GA-BASED OPTIMIZATION. AN ALGORITHM TO PERFORM DYNAMIC LEARNING ON CHANGING ENVIRONMENTS. A SCALABLE ARTIFICIAL IMMUNE SYSTEM MODEL FOR DYNAMIC UNSUPERVISED LEARNING BASED ON IMMUNE NETWORK THEORY. AG-AB BINDING, IMMUNE NETWORK. REAL-VALUED VECTORS. CLUSTERING, WEB DATA MINING AG-AB BINDING, IMMUNE MEMORY. BINARY STRINGS. ASSOCIATIVE MEMORY, CLUSTERING. AG-AB BINDING, GENE LIBRARIES. BINARY STRINGS OPTIMIZATION. AG-AB BINDING, CLONAL SELECTION, SELF/NON -SELF DISCRIMINATION. AG-AB BINDING, IMMUNE NETWORK. BINARY STRINGS. DYNAMIC LEARNING. REAL-VALUED VECTORS. CLUSTERING. DYNAMIC LEARNING. ANOMALY DETECTION, PATTERN RECOGNITION APPLICATIONS DASGUPTA ET AL., 2003 [26] MULTI-LEVEL IMMUNE LEARNING ALGORITHM (MILA) COMBINES SEVERAL IMMUNOLOGICAL FEATURES. NEGATIVE SELECTION, CLONAL SELECTION, APC IQBAL ET AL., 2004 [15] ARTIFICIAL APC MODEL DANGER THEORY DIFFERENT REPRESENTATIONS AND MATCHING RULES, REPERTOIRE OPTIMIZATION STRING STEPNEY ET AL., 2004 [16] JI ET AL., 2005 [17] GALEANO ET AL., 2005 [19] ANDREWS ET AL., 2005 [20] CONCEPTUAL DEVELOPMENT ENTIRE IMMUNE SYSTEM GENERAL DANGER SUSCEPTIBLE DATA CODONS FRAMEWORK COVERAGE ESTIMATION NEGATIVE SELECTION REAL-VALUED VECTOR GENERAL NETWORK MODEL IMMUNE NETWORK REAL VALUE REVIEW NO SELF/NON-SELF DISCRIMINATION NEW IMMUNE THEORIES GENERAL STIBOR ET AL., 2005 [21]; JI ET AL., 2006 [18] AICKELIN ET AL., 2002 [22], 2006 [23] APPLICABILITY ISSUES OF NSA SELF/NON-SELF DISCRIMINATION CONCEPTUAL (CELLULAR AUTOMATA, UMLSTATECHART ET AL. REAL-VALUED VECTOR ANOMALY DETECTION DANGER THEORY INNATE IMMUNITY STRING REPRESENTATION NETWORK SECURITY NOVEMBER 2006 | IEEE COMPUTATIONAL INTELLIGENCE MAGAZINE 45 In order to apply an immune model to solve a particular problem from a specific domain, one should select the immune algorithm according to the type of problem that is being solved. Then, identify the elements involved in the problem and how they can be modeled as entities in the particular immune model. To model such entities, a representation for each one of these elements should be chosen, specifically a string representation: integer, real-valued vector representation or a hybrid representation. Subsequently, appropriate affinity (distance) measure to determine corresponding matching rules should be defined; then, to select the immune algorithm that will be used to generate a set of suitable entities providing a good solution to the problem at hand. Figure 4 shows the necessary steps to solve a problem using an immune model. A. Application in Computer Security The role of the immune system may be considered analogous to that of computer security systems [7], [50]–[52]. Host-based intrusion detection methods [53]–[55] construct a database that catalogues the normal behavior during time in terms of the system calls made, etc. As this record builds up, the database may be monitored for any system call not found in the normal behavior database. The authors argue that while simplistic, this approach is not computationally expensive and can be easily used in real time. It also has the advantage of being platform and software independent. An alternative method is the network-based intrusion detection approach. This tackles the issue of protecting networks of computers rather than an individual computer. This is achieved in a similar way in monitoring network services, traffic and user behavior and attempts to detect misuse or intrusion by observing departures from normal behavior. Work in [53], [56], [57] laid foundations for a possible architecture and the general requirements for an immunity-based intrusion detection system. They used the metaphor of the innate immune system, which resides on the user’s PC and applies virus-checking heuristics to .COM and .EXE files. If an unknown virus is detected, then a sample is captured that Solution Immune Algorithms Affinity Measures Representation Immune Entities Application Domain FIGURE 4 Implementation steps in solving a problem using an AIS. 46 IEEE COMPUTATIONAL INTELLIGENCE MAGAZINE | NOVEMBER 2006 contains information about the virus and is sent to a central processing system for further examination. This is analogous to how the innate immune system works, as the first line of defense. The signature extraction mechanism is akin to clonal selection where large numbers of possible code signatures are produced randomly and each one checked against the potential virus until a positive match is found. Negative Selection algorithm has been applied to the problem of network intrusion detection [34], [55]–[58]. Each computer runs a broadcaster, which broadcasts the source and destination of each TCP SYN packet it sees to other computers running LISYS, and a detection node, which processes the information from the broadcasters. Each detection node receives data from broadcasters and mails an administrator if it detects a novel TCP connection. A detection node has an array of detectors that as a group determine whether a packet is anomalous. In ARTIS [66], the architecture uses distributed detection strategy wherein each detection node uses a different representation: it filters incoming strings through a randomly generated permutation mask. This technique of having a different representation for each detection node is equivalent to multiple detector shapes (hence, changing the shape of the detectors), while keeping the “shape” of the self set constant. Balthrop et al. [63] used a simpler version of LISYS [58] and developed a system that monitors network traffic and is deployed on individual hosts. A detector set is distributed to each of the hosts in the network, and TCP connections, based on triplets, are monitored using these detectors. Diversity is created through each host independently reacting to self and non-self. The system uses a negative selection algorithm to mature 49-bit binary detectors, which are tested against connections collected during a training period. The matured detectors are then deployed on a live network. The matching function used is r-contiguous and the detectors are improved through affinity maturation. Spam messages (or junk e-mail) fill electronic mailboxes throughout the world. An extended examination of the spam-detecting artificial immune system is undertaken here [61]. An adaptive spam solution is implemented, which will be able to adapt to both slow and rapid changes. The spam immune system distinguishes between a self of legitimate e-mail (non-spam) and a non-self of spam. The central part of the system is its detectors and lymphocytes. Detectors are regular expressions made by randomly recombining information from a set of libraries. These regular expressions match patterns in the entire message. Digital lymphocyte consists of an antibody and two associated weights—the cumulated weighted number of spams matched and the messages matched. The gene library contains partial patterns used to build the full patterns used in lymphocytes. Three libraries were tested—heuristic, which emerged as the most accurate for classification, the Bayesian token library and English word libraries that performed significantly worse. In [51] the authors, specifically relating to computer security discuss virus detection and process anomaly detection, describe several different approaches. In UNIX processes, changes in behavior were detected through short range correlation of process system calls, especially for root processes. Viruses were detected through change detection on files, as also through the use of decoys or honeypots, which use signature-based approach and monitor decoy programs and build signatures based on their changes. The system is host-based, looking specifically at privileged processes, and runs on a system that is connected to the network. The system collects information in a training period, which is used to define self. This information is in the form of root user ‘sendmail’ command sequences, which is used to construct a database of normal commands. These commands are examined and compared with entries in this database. A command-matching algorithm is implemented wherein new traffic is compared with the defined behavior in the database. Intrusions are detected whenever the level of mismatches with entries in the database rises above a predefined level. An automated detection and response system for identifying malicious self-propagating code and stopping its spread has been the goal in [65]. Numerous mechanisms were implemented, which were inspired from the differentiation states of T-cells that can be grouped into particular status subsets that can be used to classify the types of Tcells. From these classifications, the various roles of diverse T-cell types can be seen. Design of a new AIS model, CARDINAL (Cooperative Automated worm Response and Detection ImmuNe ALgorithm), is described, which has the potential to operate as a cooperative automated worm detection and response system. In particular, three key properties of T-cells have been identified: T-cell proliferation to optimize the number of peer hosts polled, T-cell differentiation to assess attack severity and certainty, and Tcell modulation and interaction to balance local and peer information. The T-cell algorithm worked in unison with the novel danger-theory inspired system [62]. Danger theory model appears to be useful in cyber security, as not all abnormal events (non-self) represent attacks, rather a small percentage of such events are of real concern. Some simple observations can be used to trigger a chain of defensive actions, but the challenge is clearly to define what constitutes suitable danger signals. B. Application in Fault Detection The field of fault diagnosis needs to accurately predict or recover from faults occurring in plants, machines like refrigeration systems, communications like telephone systems and transportations like Aircrafts. In [45], the approach is to use the ‘Learning Vector Quantization’ (LVQ) to determine a correlation between two sensors from their outputs when they work properly. Each sensor is equated to a B-cell in an immune network, and sensors test one another’s outputs to see whether they are normal using the extracted correlations. Here, reliability of the sensor is used in lieu of the similarity to neighbors. In the field of fault diagnosis, there has also been some interest in creating distributed diagnostic systems. Initial work in [46] proposed a parallel-distributed diagnostic algorithm. However, the authors likened their algorithm to that of an immune network, due to its distributed operation, and the systems emergent co-operative behavior between sensors. This work was then continued [47] and active diagnostic mechanism [48] was included. Active diagnosis The biological immune system can be envisioned as a multilayer protection system, where each layer provides different types of defense mechanisms for detection, recognition and responses. continually monitors for consistency between the current states of the system with respect to the normal state. Each sensor can be equated with a B-cell, connected via the immune network with each sensor maintaining a time-variant record of sensory reliability, thus creating a dynamic system. This work differs from the above in the way in which the reliability of each sensor is calculated. In an interesting work [60] involving Aircraft Fault detection, experiments were performed with datasets collected through simulated failure conditions using NASA Ames C-17 flight simulator. Three sets of in-flight sensory information— namely, body-axes roll rate, pitch rate and yaw rate—were considered to detect five different simulated faults: one for Engine, two for the Tails and two for the Wings. A real-valued negative selection algorithm, called MILD, was utilized to detect a broad spectrum of known as well as unforeseen faults. Once the fault was detected and identified, a direct adaptive control system utilized the detection information to stabilize the aircraft by utilizing available resources. The MILD software tool implements an immunity-based technique for anomaly and fault detection where a small number of specialized detectors (as signatures of known failure conditions) and a set of generalized detectors for unknown (or possible) fault conditions are. Once the fault is detected and identified, an adaptive control system would use this detection information to stabilize the aircraft by utilizing available resources (control surfaces). Experiments were performed with datasets collected under normal and various simulated failure conditions using a piloted motionbased NASA simulation facility. An Article on MILD project is available at NASA Web site. Figure 5 illustrates the performance of the detection system when tested with “full tail failure” data, where this type of fault is manifested in pitch error rate (starting at the 1200th time step). The graph also shows the number of detectors NOVEMBER 2006 | IEEE COMPUTATIONAL INTELLIGENCE MAGAZINE 47 activated (lower bar chart), as significant deviations in data patterns appear. The bar chart shows the arrangement of the detectors with increased radius. MILD - a Fault Detection Tool Based on the Negative Selection Algorithm Inspired by the Human Immune System. MILD v1.0 Detector Generation Anomaly Detection EXIT Immunity-based Fault Detection System MILD: Fault Detection MILD v1.o Detection Result 1.5 1 Detection Information System Input ALERT SIGNAL C:\Documents and Settings\FIT Load Testing Data Roll Pitch Yaw Load Detectors C:\Documents and Settings\FIT 0.5 Detectors created on: 0 20-Aug-2004 22:49:11 −0.5 −1 0 Total Number Of Detectors: 200 400 600 Min. Radius: 800 1000 1200 0.17 1400 1600 1800 Max. Radius: Isolation Result Type of Activated Detectors: 3 Overlapping: 1 0.56 Detection Window 0 E 50 100 Sensitivity(threshold): 0 Detector_Distribution_Plot 50 % 100 Detector Distribution Plot 30 Number of Times Activated Window Size: 103 2000 25 1 20 Detect 0.8 Restart 0.6 15 0.4 10 0.2 5 0 1 Detector Generation EXIT 1 0 0 0.5 20 60 40 80 Ordered Detector Index 100 0.5 0 0 FIGURE 5 Illustrates the performance of the detection system when tested with “full tail failure” data, where this type of fault is manifested in pitch error rate (starting at the 1200th time step). The graph also shows the number of detectors activated (lower bar chart), as significant deviations in data patterns appear. The bar chart shows the arrangement of the detectors with increased radius. TABLE 2 COMPUTATIONAL PROBLEM TYPICAL APPLICATIONS SELF/NON-SELF RECOGNITION ANOMALY OR CHANGE DETECTION - COMPUTER SECURITY - FAULT DETECTION IMMUNE NETWORK THEORY AND IMMUNE MEMORY LEARNING (SUPERVISED UNSUPERVISED) - CLASSIFICATION - CLUSTERING - DATA ANALYSIS - STREAM DATAMINING CLONAL SELECTION SEARCH, OPTIMIZATION - FUNCTION OPTIMIZATION MOBILITY, DISTRIBUTED DISTRIBUTED PROCESSING - AGENT ARCHITECTURES - DECENTRALIZED ROBOT CONTROL INNATE IMMUNITY DANGER THEORY - NETWORK SECURITY BIS ASPECT 48 IEEE COMPUTATIONAL INTELLIGENCE MAGAZINE | NOVEMBER 2006 IV. Conclusions The biological immune system (BIS) is a subject of great research interest because of its powerful information processing capabilities; in particular, understanding the distributed nature of its memory, self-tolerance and decentralized control mechanisms from an informational perspective, and building computational models believed to better solve many science and engineering problems. In the recent development of the AIS field, existing models are being studied extensively, and new ideas from immunology are explored, such as danger theory. This survey found that NS algorithms are widely used compared to other AIS approaches. In a recent survey on AIS by Garrett [42], he concluded that negative selection algorithms have a distinct process compared with other algorithms and may be most suitable for certain applications. On the other hand, Freitas et al. [43] pointed out that negative selection algorithms are not appropriate to be used as a general classification method because they are a one-class approach.However, Gonzalez [67] demonstrated that NS algorithm can be used to generate samples for the underrepresented class (a class with a few samples). Stibor et al. raised several possibilities that negative selection algorithms in general or certain specific models may not be appropriate [44], but the real weakness of the method, which likely may exist, was not satisfactorily identified. Both the relatively popular usage of this method in diverse applications and the doubt about its value justify a thorough review on this approach in order to avoid existing and potential misconceptions and to facilitate its development or evolution. Table 2 summarizes the mostly studied models of AIS. Despite many successes of AIS techniques, there remain some open issues. Most importantly, the uniqueness and usability of each model needs to be determined; as the field is relatively new, most of the existing works have been exploratory, and these algorithms do not scale well. Among others, the following are some aspects that have to be addressed in order to make the AIS a real-world problem solving technique: ❏ Improvement in the efficiency of the algorithms. ❏ Enhancement of the representation. ❏ Introduction of other immune mechanisms. ❏ Development of unified architecture that can integrate several AIS models. References [1] D. Bradley and A. Tyrrell, “Immunotronics: Hardware fault tolerance inspired by the immune system,” in Proceedings of the 3rd International conference on Evoluable Systems (ICES2000), vol. 1801. Springer-Verlag, Inc., pp.11–20, 2000. [2] L.N. de Castro and F.J. Von Zuben, “An immunological approach to initialize feedforward neural network weights,” in International Conference on Artificial Neural Networks and Genetic Algorithms (ICANNGA ‘01), pp. 126–129, 2001. [3] A. Tarakanov and D. Dasgupta, “An immunochip architecture and its emulation,” in 2002 NASA/DoD Conference on Evolvable Hardware, Alexandria, VA, USA, pp. 261–265, 2002. [4] E. Hart and P. Ross, “Exploiting the analogy between immunology and sparse distributed memories: A system for clustering non-stationary data,” in Proceedings of the 1st International Conference on Artificial Immune Systems (ICARIS), pp. 49–58, Sept. 2002. [5] C.A. Coello and N.C. Cores, “A parallel implementation of the artificial immune system to handle constraints in genetic algorithms: Preliminary results,” in Proceedings of the 2002 Congress on Evolutionary Computation (CEC 2002), Honolulu, p. 819824, 2002. [6] J. Kim and P. Bentley, “Toward an artificial immune system for network intrusion detection: An investigation of dynamic clonal selection,” in Proceedings of the 2002 Congress on Evolutionary Computation (CEC 2002), Honolulu, Hawaii, pp. 1244–1252, 2002. [7] D. Dasgupta, “Immune-based intrusion detection system: A general framework,” in Proceedings of the 22nd National Information Systems Security Conference (NISSC), 1999. [8] D. Dasgupta, Y. Cao, and C. Yang, “An immunogenetic approach to spectra recognition,” in Proceedings of Genetic and Evolutionary Computational Conference (GECCO 1999), vol. 1. Orlando, Florida, USA: Morgan Kaufmann, pp. 149–155, July 13–17, 1999. [9] P.D. Williams, K.P. Anchor, J.L. Bebo, G.H. Gunsh, and G.D. Lamont, “Cdis: Towards a computer immune system for detecting network intrusions” Lecture notes in Computer Science, vol. 2212, pp. 117–133, 2001. [10] A. Tarakanov and D. Dasgupta, “A formal model of an artificial immune system,” BioSystem, vol. 55, pp. 151–158, 2000. [11] J.I. Timmis, “Artificial immune systems: A novel data analysis technique inspired by the immune network theory,” Ph.D. dissertation, University of Wales, Aberystwyth, UK, 2000. [12] L.N. de Castro and F.J. Von Zuben (2000a). “The clonal selection algorithm with engineering applications,” in Proceedings of GECCO 2000, pp. 36–39, 2000. [13] L.N. de Castro and F.J.V. Zuben, “aiNet: An artificial immune network for data analysis,” in Data Mining: A Heuristic Approach, H.A. Abbass, R.A. Sarker, and C.S. Newton, Eds. Idea Group Publishing, USA, pp. 231–259, March 2001. [14] O. Nasraoui, F. Gonzalez, C. Cardona, C. Rojas, and D. Dasgupta, “A scalable artificial immune system model for dynamic unsupervised learning,” in Proceedings of the Genetic and Evolutionary Computation Conference (GECCO 2003), ser. LNCS 2723. Chicago, IL: Springer, pp. 219–230, July 2003. [15] A. Iqbal and M.A. Maarof, “Towards danger theory based artificial APC model: Novel metaphor for danger susceptible data codons,” in Proceedings of Third International Conference on Artificial Immune Systems (ICARIS 2004), pp. 161–174, 2004. [16] S. Stepney, R.E. Smith, and J. Timmis, et al., “Towards a conceptual framework for artificial immune systems,” in Proceedings of Third International Conference on Artificial Immune Systems (ICARIS 2004), pp. 53–64, 2004. [17] Z. Ji and D. Dasgupta, “Real-valued negative selection algorithm with variable-sized detectors,” in LNCS 3102, Proceedings of GECCO, pp. 287–298, 2004. [18] Z. Ji and D. Dasgupta, “Applicability issues of the real-valued negative selection algorithms,” in Genetic and Evolutionary Computation Conference (GECCO), pp. 111–118, July 8–12, 2006. [19] J.C. Galeano, A. Veloza-Suan, and F.A. Gonzalez, “A comparative analysis of artificial immune network models,” in GECCO 2005: Proceedings of the 2005 conference on Genetic and evolutionary computation, Washington DC, USA: ACM 320 Press, vol. 1, pp. 361–368, June 25–29, 2005. [20] P.S. Andrews and J. Timmis, “Inspiration for the next generation of artificial immune systems,” in ICARIS, pp. 126–138, 2005. [21] T. Stibor, J. Timmis, and C. Eckert, “A comparative study of real-valued negative selection to statistical anomaly detection techniques,” in ICARIS, pp. 262–275, 2005. [22] U. Aickelin and S. Cayzer, “The Danger Theory and Its Application to Artificial Immune Systems,” In the Proceedings of 1st International Conference on Artificial Immune Systems (ICARIS), University of Kent at Canterbury, UK, Sept. 9–11, 2002. [23] J. Twycross and U. Aickelin, “Libtissue-Implementing Innate Immunity, In the Proceedings of IEEE World Congress on Computational Intelligence, Vancouver, Canada, July 17–21, 2006. [24] J. Hunt, J. Timmis, D. Cooke, M. Neal, and C. King, “Jisys: The development of an Artificial Immune System for real world applications,” Applications of Artificial Immune Systems, D. Dasgupta Ed., Pub. Springer-Verlag, ISBN 3-540-64390-7, pp. 157–186, 1999. [25] S.A. Hofmeyr and S. Forrest, Architecture for an artificial immune system, Evolutionary Computation, vol. 8, no. 4, pp. 443–473, 2000. [26] D. Dasgupta, S. Yu, and N.S. Majumdar, “MILA—multilevel immune learning algorithm,” In Proceedings of the Genetic and Evolutionary Computation Conference (GECCO 2003), LNCS 2723, pp. 183–194, Chicago, IL, Springer, July 12–16, 2003. [27] O. Nasraoui, F. Gonzalez, and D. Dasgupta, “The fuzzy ais: Motivations, basic concepts, and applications to clustering and web profiling,” In IEEE International Conference on Fuzzy Systems, pp. 711–717, Hawaii, May 12–17, 2002. [28] A.K. Abbas and A.H. Lichtman, “Cellular and Molecular Immunology,” Saunders, 2000. [29] N.K. Jerne, Towards a network theory of the immune system. Ann. Immunol. (Inst. Pasteur), 125C, pp. 373–389, 1974. [30] S. Forrest, A.S. Perelson, L. Allen, and R. Cherukuri, “Self-Nonself Discrimination in a Computer,” In Proceedings of the 1994 IEEE Symposium on Research in Security and Privacy, Los Alamitos, CA: IEEE Computer Society Press, 1994. [31] J. Timmis, M. Neal, and J. Hunt, “Data analysis with artificial immune systems and cluster analysis and kohonen networks: Some comparisons,” In Proc. of IEEE Int. Conf. Systems and Man and Cybernetics, pp. 922–927, Tokyo, Japan. 1999. [32] J. Timmis, M. Neal, and J. Hunt, “An Artificial Immune System for Data Analysis,” In the Proceedings of the International Workshop on Intelligent Processing in Cells and Tissues (IPCAT), 1999. [33] T. Knight and J. Timmis, “Assessing the performance of the resource limited artificial immune system AINE,” Technical Report 3-01, Canterbury, Kent. CT2 7NF, May 2001. [34] F. Gonzalez and D. Dasgupta, “An Immunogenetic Technique to Detect Anomalies in Network Traffic,” In the Proceedings of the International Conference Genetic and Evolutionary Computation (GECCO), New York, July 9–13, 2002. [35] Wierzchon & Kuzelewska, “Stable Clusters Formation in an Artificial Immune System,” In 1st International Conference on Artificial Immune Systems (ICARIS), University of Kent at Canterbury, UK, Sept. 9th–11th, 2002. [36] Y. Cao and D. Dasgupta, “An Immunogenetic Approach in Chemical Spectrum Recognition,” Chapter 36 in the edited volume Advances in Evolutionary Computing (Ghosh & Tsutsui, eds.), Springer-Verlag, Inc. Jan. 2003. [37] D. Dasgupta and S. Forrest, “Novelty Detection in Time Series Data using Ideas from Immunology,” In ISCA 5th International Conference on Intelligent Systems, Reno, Nevada, June 19–21, 1996. [38] J. Timmis, M. Neal, and T. Knight, “AINE: Machine Learning Inspired by the Immune System,” Published in IEEE Transactions on Evolutionary Computation, June 2002. [39] K. Krishnakumar and J. Neidhoefer, Immunized Adaptive Critic for an Autonomous Aircraft Control Application, Chapter 20 in the book entitled Artificial Immune Systems and Their Applications, Publisher: Springer-Verlag, Inc., pp. 221–240, Jan. 1999. [40] P, Matzinger, “The Danger Model in Its Historical Context,” Scandinavian Journal of Immunology, vol. 54, pp. 4–9, 2001. [41] P. Matzinger Tolerance, “Danger and the Extended Family,” Annual Review of Immunology, vol. 12, pp. 991–1045, 1994. [42] S.M. Garrett, “How do we evaluate artificial immune systems?” Evolutionary Computation, vol. 13, no. 2, pp. 145–178, 2005. [43] A.A. Freitas and J. Timmis, “Revisiting the Foundations of Artificial Immune Systems: A Problem-oriented Perspective,” In the Proceeding of Second International Conference on Artificial Immune Systems (ICARIS), Napier University, Edinburgh, UK, September 1–3, 2003. [44] T, Stibor Philipp Mohr, Jonathan Timmis, and Claudia Eckert, “Is Negative Selection Appropriate for Anomaly Detection?” In the Proceedings of the Genetic and Evolutionary Computation Conference (GECCO), Washington, D.C., June 25–29, 2005. [45] H. Bersini and F. Varela, “Hints for Adaptive Problem Solving Gleaned from Immune Network,” In Parallel Problem Solving from Nature, pp. 343–354, 1990. [46] M. Kayama, Y. Sugita, Y. Morooka, and S. Fukuodka, “Distributed diagnosis system combining the immune network and learning vector quantization,” Proc. of IEEE 21st International Conference on Industrial Electronics and Control and Instrumentation. Orlando, USA. pp. 1531–1536, 1995. [47] Y. Ishida, “Fully Distributed Diagnosis by PDP Learning Algorithm: Towards Immune Network PDP Model,” Proc. of International Joint Conference on Neural Networks, San Diego, pp. 777–782, 1990. [48] Y. Ishida, “Distributed and autonomous sensing based on immune network,” Proc. of Artificial Life and Robotics, Beppu. AAAI Press, pp. 214–217, 1996. [49] M. Neal, “Meta-Stable Memory in an Artificial Immune Network,” In the Proceedings of Second International Conference on Artificial Immune Systems (ICARIS), Napier University, Edinburgh, UK, Sept. 1–3, 2003. [50] P. D’haeseleer, S. Forrest, and P. Helman, “An immunological approach to change detection: Algorithms, analysis, and implications,” In Proc. of the 1996 IEEE Symposium on Computer Security and Privacy, IEEE Computer Society Press, Los Alamitos, CA, pp. 110–119, 1996. [51] S. Forrest, S.A. Hofmeyr, A. Somayaji, and T.A. Longstaff, “A sense of self for Unix processes,” In Proc. of 1996 IEEE Symposium on Computer Security and Privacy, 1996. [52] S. Forrest, S. Hofmeyr, and A. Somayaji, “Computer Immunology,” In Communications of the ACM, vol. 40, no. 10, pp. 88–96, 1997. [53] A. Somayaji, S. Hofmeyr, and S. Forrest, “Principles of a Computer Immune System,” 1997 New Security Paradigms Workshop, pp. 75–82, 1998. [54] S.A. Hofmeyr and S. Forrest, “Immunity by Design: An Artificial Immune System,” In Proc. of 1999 GECCO Conference, 1999. [55] S.A. Hofmeyr, A. Somayaji, and S. Forrest, “Intrusion Detection using Sequences of System Calls,” Journal of Computer Security, vol. 6, pp. 151–180, 1998. [56] C. Warrender, S. Forrest, and B. Pearlmutter, “Detecting intrusions using system calls: Alternative data models 1999,” IEEE Symposium on security and Privacy (1999). [57] J. Kim and P. Bentley, “The human Immune system and Network Intrusion Detection,” Proc. of 7th European Congress on Intelligent techniques—Soft Computing (EUFIT’99), Aachan. Germany, Sept. 13–19, 1999. [58] S. Forrest and M.R. Glickman, “Revisiting LISYS: Parameters and Normal behavior,” In the Proc. of the Special Track on Artificial Immune Systems, WCCI.-CEC. May 2002. [59] D. Dasgupta, “Using Immunological Principles in Anomaly Detection,” In Proc. of the Artificial Neural Networks in Engineering (ANNIE’96), St. Louis, USA, Nov. 10–13, 1996. [60] D. Dasgupta, K. KrishnaKumar, D. Wong, and M. Berry, “Negative Selection Algorithm for Aircraft Fault Detection.” In the Proceedings of the Third International Conference, ICARIS 2004 on Artificial Immune Systems, Catania, Sicily, Italy, Sept., 2004. [61] T. Oda and T. White, “Immunity from Spam: An Analysis of an Artificial Immune System for Junk Email Detection,” In the Proceedings of the Fourth International Conference, ICARIS 2005 on Artificial Immune Systems, Banff, Alberta, Canada, pp. 276–289, Aug. 2005. [62] U. Aicklen, P. Bentley, S. Cayzer, J. Kim, and J. McLeod, “Danger Theory: The link between ais and ids,” In the proceedings of the Third International Conference, ICARIS 2003 on Artificial Immune Systems, Edinburgh, UK, pp. 156–167, 2003. [63] J. Balthrop, S. Forrest, and M. Glickman, “Revisiting lisys: Parameters and normal behavior,” Proceedings of the Congress on Evolutionary Computation, pp. 1045–1050, 2002. [64] S. Hofmeyr, An immunological model of distributed detection and its application to computer security, PhD thesis, University of New Mexico, 1999. [65] J. Kim and W.O. Wilson, “Uwe Aickelin, and Julie McLeod,” Cooperative Automated Worm Response and Detection ImmuNe ALgorithm (CARDINAL) Inspired by T-cell Immunity and Tolerance. In the proceedings of the Fourth International Conference, ICARIS 2005 on Artificial Immune Systems, Banff, Alberta, Canada, pp. 168–181, Aug. 2005. [66] S.A. Hofmeyr and S. Forrest, “Architecture for an artificial immune system,” Evolutionary Computation, vol. 8, no. 4, pp. 443–473, 2000. [67] F. González, D. Dasgupta, and R. Kozma, “Combining negative selection and classification techniques for anomaly detection,” In Proceedings of the 2002 Congress on Evolutionary Computation CEC2002, pp. 705–710. NOVEMBER 2006 | IEEE COMPUTATIONAL INTELLIGENCE MAGAZINE 49