Download Advances in Artificial Immune Systems During

Dipankar Dasgupta
University of Memphis, USA
Advances
in Artificial
Immune Systems
© DIGITALVISION
40
uring the last decade, the field of Artificial Immune System (AIS) is progressing
slowly and steadily as a branch of Computational Intelligence (CI) as shown in
Figure 1.There has been increasing interest in the development of computational models inspired by several immunological principles. In particular, some
are building models mimicking the mechanisms in the biological immune system (BIS) to
better understand its natural processes and simulate its dynamical behavior in the presence
of antigens/pathogens. Most of the AIS models, however, emphasize designing artifacts–computational algorithms, techniques using simplified models of various
immunological processes and functionalities. Like other biologically-inspired techniques, such as artificial neural networks, genetic algorithms, and cellular automata,
AISs also try to extract ideas from the BIS in order to develop computational
tools for solving science and engineering problems. Although still relatively young, the Artificial Immune System (AIS) is emerging as an
active and attractive field involving models, techniques and
applications of greater diversity.
D
IEEE COMPUTATIONAL INTELLIGENCE MAGAZINE | NOVEMBER 2006
1556-603X/06/$20.00©2006IEEE
I. Immune System Metaphors
response, which has recognition functions and thus binds to
foreign antigens. But they have no meaning if they only bind
to antigens, as antibodies do not kill anything. By binding to
antigens, however, antibody molecules activate the serum
complement that can bind to the appropriate region of antibody molecules and initiate the classic pathway of complement activation. Finally, a pore-forming molecule-membrane
attacking complex (MAC) is formed through complement
activation, which punches holes in the cell surface of the foreign antigen and destroys the foreign antigen.
In the biological immune system, signal diffusion and dialogue are two kinds of communication schemes available. They
take a major role in sharing and passing information during
immune response. In immune diffusion, the message is passed
from one immuno-component to others without any feedback.
Another scheme is called immune dialogue, where the immune
system continuously exchanges molecular signals with its counterparts. Immune sensitivity is determined by context, where
self and foreign agents play upon each other. The body is under
constant challenge to respond along a continuum of behavior
and needs to adapt accordingly. Signaling is important in biological defense as it allows a cell to move a signal from the outside to the inside, and signaling results in changes to the cell,
allowing it to appropriately respond to a stimulus.
From an information-processing perspective, the immune
system is a remarkable parallel and distributed adaptive system
with (partial) decentralized control mechanism. It uses feature
extraction, signaling, learning, memory, and associative retrieval
to solve recognition and classification tasks. In particular, it learns
to recognize relevant patterns, remember patterns that have been
seen previously, and use combinatorics to construct pattern
detectors efficiently. Also, the overall behavior of the system is
an emergent property of many local interactions. These remarkable information-processing abilities of the immune system provide several important aspects in the field of computation.
The biological immune system is a complex adaptive system
that has evolved in vertebrates to protect them from invading
pathogens. To accomplish its tasks, the immune system has
evolved sophisticated pattern recognition and response mechanisms following various differential pathways, i.e. depending
on the type of enemy, the way it enters the body and the damage it causes, the immune system uses various response mechanisms either to destroy the invader or to neutralize its effects.
In medical science, historically, the term immunity refers to
the condition in which an organism can resist disease, more
specifically infectious disease. However, a broader definition of
immunity is a reaction to foreign (or dangerous) substances.
Cells and molecules responsible for immunity constitute the
biological immune system, and the collective coordinated
response of such cells and molecules in the presence of
pathogens is known as the immune response. The biological
immune system can be envisioned as a multilayer protection
system, where each layer provides different types of defense
mechanisms for detection, recognition and responses. Thus,
three main layers include the anatomic barrier, innate immunity
(nonspecific) and adaptive (specific) immunity. Innate (non-specific)
immunity and adaptive (specific) immunity are inter-linked and
influence each other [28]. Once adaptive immunity recognizes
the presence of an invader, it triggers two types of responses
humoral immunity and cell-mediated (cellular) immunity, which
act in a sequential fashion. Innate immunity is directed against
any pathogen. If an invading pathogen escapes the innate
defenses, then the body can launch an adaptive or specific
response against a particular type of foreign agent.
Figure 2 presents an abstract outline of some immunological components and their functional relationships from computational perspectives. This illustration focuses on some BIS
terminologies that are used to design artificial immune systems. The antibodies are generated in the humoral immune
Computational
Intelligence
Biology-Inspired
Methods
... ...
Neural Networks
Evolutionary
Computation
Negative
Selection Algorithms
... ...
Artificial Immune
System (AIS)
Immune Network
Clonal Selection
... ...
Other Models
Danger Theory
FIGURE 1 Artificial Immune System (AIS) as a branch of Computational Intelligence (CI).
NOVEMBER 2006 | IEEE COMPUTATIONAL INTELLIGENCE MAGAZINE
41
Antigen
Exogenous
Antigen
Endogenous
Antigen
Target Cell
Antigen Processing and
Presentation
Macrophages
Phagocytosis
Antigen Presenting Cell
Antigen Processing and
Presentation
Monokines
T Helper Cell
Recognition and Activation
T Killer Cell
Endogenous Antigen Killing
Cytokines
B Cell
Antigen Processing and
Presentation
Opsonization
Complement
Exogenous Antigen Killing
Plasma Cell
Antibody Secretion
FIGURE 2 Shows different functional elements of the Biological Immune System (BIS) and their relationship.
II. Artificial Immune Systems
Artificial Immune Systems (AIS) emerged in the 1990s as a
new branch in Computational Intelligence (CI).A number
of AIS models exist, and they are used in pattern recognition, fault detection, computer security, and a variety of
other applications researchers are exploring in the field of
science and engineering [32], [49], [52]. Although the AIS
research has been gaining its momentum, the changes in the
fundamental methodologies have not been dramatic.
Among various mechanisms in the biological immune system that are explored as AISs, negative selection, immune
network model and clonal selection are still the most discussed models [4], [13], [30].
A. Immune Network Models
The immune Network theory had been proposed in the
mid-seventies [29]. The hypothesis was that the immune
system maintains an idiotypic network of interconnected B
cells for antigen recognition. These cells both stimulate and
suppress each other in certain ways that lead to the stabilization of the network. Two B cells are connected if the
affinities they share exceed a certain threshold, and the
strength of the connection is directly proportional to the
affinity they share.
42
IEEE COMPUTATIONAL INTELLIGENCE MAGAZINE | NOVEMBER 2006
In artificial immune network (AIN) models, a B-cell population is made of two sub-populations: the initial population
and the cloned population. The initial set is generated from a
subset of raw training data to create the B-cell network. The
remainders are used as antigen training items. Antigens are
then selected randomly from the training set and presented to
the areas of the B-cell network. If the binding is successful,
then the B-cell is cloned and mutated [24]. The mutation
yields a diverse set of antibodies that can be used in the classification procedure.Once a new B cell is created, an attempt is
made to integrate it into the network at the closest B Cells. If
the new B cell cannot be integrated, it is removed from the
population. If no bind is successful, then a B-cell is generated
using the antigen as a template and is then incorporated into
the network.
An updated version, called AINE [32] uses artificial recognition ball (ARB) to represent a number of similar B-cells (not
a single B-cell). This resembles the idea of recognition ball in
immunology, which refers to the region in the shape space of
antigen that an antibody can recognize. It represents a single ndimensional data item that could be matched by Euclidean distance to an antigen or another ARB. A link between two
B-cells is created if the affinity (distance) between two ARBs is
below a network affinity threshold (NAT). The results show
that the combination of normalizing the stimulation levels of
ARBs in the network and the resource allocation mechanism
leads to the biasing of AINE toward the strongest pattern in
the data set to emerge [33].
B. Clonal Selection Principle
The Clonal Selection Principle describes the basic features of
an immune response to an antigenic stimulus. It establishes the
idea that only those cells that recognize the antigen proliferate,
thus being selected against those that do not. The main features of the Clonal Selection Theory are that:
❏ The new cells are copies of their parents (clone) subjected
to a mutation mechanism with high rates (somatic hypermutation);
❏ Elimination of newly differentiated lymphocytes carrying
self-reactive receptors;
❏ Proliferation and differentiation on contact of mature cells
with antigens.
The algorithm (CLONALG) is based on the clonal selection and affinity maturation principles [13]. It is similar to
mutation-based evolutionary algorithms and has several interesting features: 1) population size dynamically adjustable, 2)
exploitation and exploration of the search space, 3) location of
multiple optima, 4) capability of maintaining local optima
solutions, and 5) defined stopping criterion [12], [13]. A model
combining the ideas of aiNet and AINE was also proposed
[35]. This work emphasizes its self-organizing ability, i.e. the
use of minimal number of control parameters.
C. Negative Selection Algorithms
One of the purposes of the immune system is to recognize all
cells (or molecules) within the body and categorize those cells
as self or non-self. The non-self cells are further categorized in
order to induce an appropriate type of defensive mechanism.
The immune system learns through evolution to distinguish
between foreign antigens (e.g., bacteria, viruses, etc.) and the
body’s own cells or molecules. The purpose of negative selection is to provide tolerance for self cells. It deals with the
immune system’s ability to detect unknown antigens while not
reacting to the self cells. During the generation of T-cells,
receptors are made through a pseudo-random genetic
rearrangement process. Then, they undergo a censoring
process in the thymus, called the negative selection. There, Tcells that react against self-proteins are destroyed; thus, only
those that do not bind to self-proteins are allowed to leave the
thymus. These matured T-cells then circulate throughout the
body to perform immunological functions and protect the
body against foreign antigens.
The negative selection algorithm Forrest et al. [30], is one
of the computational models of self/nonself discrimination,
first designed as a change detection method. It is one of the
earliest AIS algorithms that were applied in various real-world
applications. Since it was first conceived, it has attracted many
AIS researchers and practitioners and has gone through some
phenomenal evolution. In spite of evolution and diversification
of this method, the main characteristics of a negative selection
algorithm described by Forrest et al. [30] still persist. Figures 3
(a) and (b), similar to the original conception, describe the
major steps in such an algorithm. In generation stage, the
detectors are generated by some random process and censored
by trying to match self samples. Those candidates that match
are eliminated and the rest are kept as detectors. In the detection stage, the collection of detectors (or detector set) is used
to check whether an incoming data instance is self or non-self.
If it matches any detector, then it is claimed as non-self or
anomaly. This description is limited to some extent, but conveys the essential idea.
Like any other Computational Intelligence technique, different negative selection algorithms are characterized by particular representation schemes, matching rules and detector
generation processes:
❏ Data and detector representation
• Binary (or string) representation
• Real-valued representation; detectors as hypersphere, or
hyper-rectangle
• Hybrid representation
❏ Generate/elimination mechanism
• Random generation + censoring
• Genetic algorithm
• Greedy algorithm or other deterministic algorithm
Detector Set
Self Samples
Random
Candidate
No
Match?
Yes
Add to
Detector Set
Discard
Data Item
to Be Checked
No
Match?
Yes
Normal (Self)
Abnormal
(Nonself)
FIGURE 3 The basic concept of the Negative Selection (NS) Algorithm.
NOVEMBER 2006 | IEEE COMPUTATIONAL INTELLIGENCE MAGAZINE
43
❏ Matching rule
❏ Algorithm of generating detectors
• rcb (r-contiguous bits), r-chunk, Hamming distance and
variations (like R&T distance), edit distance
• statistical correlation, landscape matching
• Euclidean distance-based for real-valued representation
Two important aspects of a negative selection algorithm
are:
1) The target concept of the algorithm is the complement of a
self set.
2) The goal is to discriminate between self and non-self patterns, but only samples from one class are available (oneclass learning).
The performance of each NS algorithm differs based on a
number of factors, such as
❏ Number of detectors
• Affecting the efficiency of generation and detection
❏ Detector coverage
• Affecting the accuracy of detection
• Linked to efficiency and quality of detector set
❏ Applicable scenario
• Large amount of self (normal) samples
• Rare or no abnormal samples
❏ another possible usage: “negative database”
❏ When it is not appropriate; for example, the number of self
samples is small and sparse.
Some limitations of the (binary) string representation in NS
algorithms are
❏ Binary matching rules are not able to capture the semantics
of some complex self/non-self spaces.
❏ It is not easy to extract meaningful domain knowledge.
❏ In some cases, a large number of detectors are needed to
guarantee better coverage (detection rate).
❏ It is difficult to integrate the NS algorithm with other
immune algorithms.
❏ Crisp boundary of self and non-self may be hard to define.
TABLE 1 A timeline of recent AIS developments.
REFERENCE
MODEL OR TECHNIQUE
DESCRIPTION
ASPECTS OF THE BIS
MODELED
HUNT ET AL.,
1999 [24]
A MACHINE-LEARNING SYSTEM (JISYS)
BASED ON IMMUNE NETWORKS
AG-AB BINDING. IMMUNE
NETWORK.
DASGUPTA, 1999
[7]
AN ARCHITECTURE FOR AN AGENTBASED INTRUSION/ANOMALY
DETECTION AND RESPONSE SYSTEM
COMBINES IMMUNE SYSTEM IDEAS AND
GENETIC ALGORITHMS TO INTERPRET
CHEMICAL SPECTRA
A MULTI-AGENT COMPUTATIONAL
IMMUNE SYSTEM (CDIS) FOR
INTRUSION DETECTION
DISTRIBUTED CONTROL.
SELF/NON-SELF
DISCRIMINATION.
AG-AB BINDING.
SELF/NON-SELF
DISCRIMINATION.
AG-AB BINDING.
A FORMAL MODEL OF THE IMMUNE
SYSTEM.
A RESOURCE LIMITED ARTIFICIAL
IMMUNE SYSTEM RAINE FOR DATA
ANALYSIS THAT EXTENDS THE WORK
OF COOKE AND HUNT [8].
A SYSTEM BASED ON CLONAL
SELECTION AND AFFINITY
MATURATION (CLONALG).
AN IMMUNE NETWORK LEARNING
ALGORITHM (AINET).
DASGUPTA, 1999
[8]
WILLIAMS, 1999
[9]
TARAKANOV, 2000
[10]
TIMMIS, 2000
[11]
DE CASTRO, 2000
[12]
DE CASTRO, 2001
[13]
HOFMEYR [25]
AN ARCHITECTURE FOR AN ARTIFICIAL
IMMUNE SYSTEM (LISYS).
BRADLEY, 2000
[1]
A MACHINE FAULT TOLERANCE
MECHANISM BASED ON IMMUNE
SYSTEM IDEAS (IMMUNOTRONICS).
A SIMULATED ANNEALING ALGORITHM
BASED ON THE IMMUNE SYSTEMS
(SAND) APPLIED TO NEURAL
NETWORK INITIALIZATION.
ARCHITECTURE TO BUILD CHIPS THAT
IMPLEMENT THE IMMUNE SYSTEM
MODEL.
DE CASTRO, 2001
[2]
TARAKANOV [3]
TYPE OF
REPRESENTATION
USED
APPLICATIONS
MIXED NUMERICAL,
CATEGORICAL AND
STRING DATA.
JAVA OBJECTS
(APPLETS)
FRAUD DETECTION.
LEARNING.
BINARY STRINGS
CHEMICAL SPECTRUM
RECOGNITION.
SELF/NON-SELF
DISCRIMINATION.
STRINGS FROM A
FINITE ALPHABET.
COMPUTER SECURITY
AG-AB BINDING.
REAL-VALUED VECTORS.
BIS MODELING.
AG-AB BINDING, IMMUNE
NETWORK.
REAL-VALUED VECTORS.
DATA ANALYSIS,
CLUSTERING.
AG-AB BINDING. CLONAL
SELECTION. AFFINITY
MATURATION.
AG-AB BINDING, CLONAL
SELECTION, AFFINITY
MATURATION, IMMUNE
NETWORK.
AG-AB BINDING.
SELF/NON-SELF
DISCRIMINATION,
AFFINITY MATURATION.
SELF/NON-SELF
DISCRIMINATION.
BINARY AND INTEGER
STRINGS.
PATTERN MATCHING,
OPTIMIZATION.
REAL-VALUED VECTORS.
DATA ANALYSIS,
CLUSTERING.
BINARY STRINGS.
COMPUTER
SECURITY.
BINARY STRINGS.
HARDWARE FAULT
DETECTION AND
TOLERANCE.
INITIALIZATION OF
FEED-FORWARD
NEURAL NETWORK
WEIGHTS.
PATTERN MATCHING.
AG-AB BINDING, IMMUNE
DIVERSITY.
REAL-VALUED VECTORS.
AG-AB BINDING, IMMUNE
NETWORK.
REAL-VALUED VECTORS
(INTERNALLY
REPRESENTED AS BITS).
COMPUTER SECURITY
(CONTINUES)
44
IEEE COMPUTATIONAL INTELLIGENCE MAGAZINE | NOVEMBER 2006
In real-valued representation, the detectors are represented
by hyper-shapes in n-dimensional space. The algorithms use
geometrical spaces and use heuristics to distribute detectors in
the non-self space.
Some limitations of the real-valued representation in NS
algorithms are
❏ The issue of holes in some geometrical shapes, and may
need multi-shaped detectors
❏ Curse of dimensionality
❏ The estimation of coverage
❏ The selection of distance measure
In recent years, there has been an interesting debate among
immunologists about the classical self/non-self distinction and
the importance of detection and recognition processes [40], [41].
An issue that has been addressed is that autoimmunity is a normal finding in healthy individuals. A main problem with self and
non-self discrimination is the determination of the frontier
between self and non-self. In Danger Theory, the immune
response is determined by the presence or absence of alarm signals; some danger signals such as tissue damage trigger a myriad
of immune reactions and responses, and APCs are activated by
endogenous cellular alarm signals from distressed or injured cells.
Table 1 shows a chronological list of some AIS models and
techniques that are found in the literature. The tables include a
short description of each model or technique, use of specific
immunological mechanisms, type of representations, and the
intended applications.
III. AIS Applications
Artificial Immune Systems (AIS) are being used in many applications such as anomaly detection [37], [59], pattern recognition [36], data mining [38], computer security [6], [7], [25],
[63], [65], adaptive control [39] and fault detection [1], [60].
Two applications of AIS are considered as representative and
illustrate how artificial immune systems are used in the solution
of real-world problems.
TABLE 1 (Continued)...
REFERENCE
NASRAOUI, 2002
[27]
HART, 2002 [4]
COELLO, 2002 [5]
KIM, 2002 [6]
NASRAOUI, 2002,
2003 [14] ,[25]
TYPE OF
REPRESENTATION
USED
MODEL OR TECHNIQUE
DESCRIPTION
ASPECTS OF THE BIS
MODELED
AN IMMUNE NETWORK BASED
ALGORITHM THAT USES FUZZY
THEORY TO MODEL THE AG-AB
MATCHING.
A SYSTEM TO CLUSTER NON-STATIONARY
DATA (SOSDM) THAT COMBINES
IDEAS FROM BIS AND SPARSE
DISTRIBUTED MEMORIES.
AN APPROACH TO HANDLE
CONSTRAINTS IN GA-BASED
OPTIMIZATION.
AN ALGORITHM TO PERFORM DYNAMIC
LEARNING ON CHANGING
ENVIRONMENTS.
A SCALABLE ARTIFICIAL IMMUNE SYSTEM
MODEL FOR DYNAMIC UNSUPERVISED
LEARNING BASED ON IMMUNE
NETWORK THEORY.
AG-AB BINDING, IMMUNE
NETWORK.
REAL-VALUED VECTORS.
CLUSTERING, WEB
DATA MINING
AG-AB BINDING, IMMUNE
MEMORY.
BINARY STRINGS.
ASSOCIATIVE
MEMORY,
CLUSTERING.
AG-AB BINDING, GENE
LIBRARIES.
BINARY STRINGS
OPTIMIZATION.
AG-AB BINDING, CLONAL
SELECTION, SELF/NON
-SELF DISCRIMINATION.
AG-AB BINDING, IMMUNE
NETWORK.
BINARY STRINGS.
DYNAMIC LEARNING.
REAL-VALUED VECTORS.
CLUSTERING.
DYNAMIC
LEARNING.
ANOMALY
DETECTION,
PATTERN
RECOGNITION
APPLICATIONS
DASGUPTA ET AL.,
2003 [26]
MULTI-LEVEL IMMUNE LEARNING
ALGORITHM (MILA) COMBINES
SEVERAL IMMUNOLOGICAL FEATURES.
NEGATIVE SELECTION,
CLONAL SELECTION,
APC
IQBAL ET AL.,
2004 [15]
ARTIFICIAL APC MODEL
DANGER THEORY
DIFFERENT
REPRESENTATIONS
AND MATCHING
RULES, REPERTOIRE
OPTIMIZATION
STRING
STEPNEY ET AL.,
2004 [16]
JI ET AL., 2005
[17]
GALEANO ET AL.,
2005 [19]
ANDREWS ET AL.,
2005 [20]
CONCEPTUAL DEVELOPMENT
ENTIRE IMMUNE SYSTEM
GENERAL
DANGER
SUSCEPTIBLE DATA
CODONS
FRAMEWORK
COVERAGE ESTIMATION
NEGATIVE SELECTION
REAL-VALUED VECTOR
GENERAL
NETWORK MODEL
IMMUNE NETWORK
REAL VALUE
REVIEW
NO SELF/NON-SELF DISCRIMINATION
NEW IMMUNE THEORIES
GENERAL
STIBOR ET AL.,
2005 [21]; JI
ET AL., 2006 [18]
AICKELIN ET AL.,
2002 [22], 2006
[23]
APPLICABILITY ISSUES OF NSA
SELF/NON-SELF
DISCRIMINATION
CONCEPTUAL (CELLULAR
AUTOMATA,
UMLSTATECHART ET AL.
REAL-VALUED VECTOR
ANOMALY DETECTION
DANGER THEORY
INNATE IMMUNITY
STRING REPRESENTATION
NETWORK SECURITY
NOVEMBER 2006 | IEEE COMPUTATIONAL INTELLIGENCE MAGAZINE
45
In order to apply an immune model to solve a particular
problem from a specific domain, one should select the immune
algorithm according to the type of problem that is being solved.
Then, identify the elements involved in the problem and how
they can be modeled as entities in the particular immune
model. To model such entities, a representation for each one of
these elements should be chosen, specifically a string representation: integer, real-valued vector representation or a hybrid representation. Subsequently, appropriate affinity (distance)
measure to determine corresponding matching rules should be
defined; then, to select the immune algorithm that will be used
to generate a set of suitable entities providing a good solution to
the problem at hand. Figure 4 shows the necessary steps to
solve a problem using an immune model.
A. Application in Computer Security
The role of the immune system may be considered analogous to that of computer security systems [7], [50]–[52].
Host-based intrusion detection methods [53]–[55] construct
a database that catalogues the normal behavior during time
in terms of the system calls made, etc. As this record builds
up, the database may be monitored for any system call not
found in the normal behavior database. The authors argue
that while simplistic, this approach is not computationally
expensive and can be easily used in real time. It also has the
advantage of being platform and software independent. An
alternative method is the network-based intrusion detection
approach. This tackles the issue of protecting networks of
computers rather than an individual computer. This is
achieved in a similar way in monitoring network services,
traffic and user behavior and attempts to detect misuse or
intrusion by observing departures from normal behavior.
Work in [53], [56], [57] laid foundations for a possible architecture and the general requirements for an immunity-based
intrusion detection system. They used the metaphor of the
innate immune system, which resides on the user’s PC and
applies virus-checking heuristics to .COM and .EXE files. If
an unknown virus is detected, then a sample is captured that
Solution
Immune Algorithms
Affinity Measures
Representation
Immune Entities
Application Domain
FIGURE 4 Implementation steps in solving a problem using an AIS.
46
IEEE COMPUTATIONAL INTELLIGENCE MAGAZINE | NOVEMBER 2006
contains information about the virus and is sent to a central
processing system for further examination. This is analogous
to how the innate immune system works, as the first line of
defense. The signature extraction mechanism is akin to clonal selection where large numbers of possible code signatures
are produced randomly and each one checked against the
potential virus until a positive match is found. Negative
Selection algorithm has been applied to the problem of network intrusion detection [34], [55]–[58]. Each computer
runs a broadcaster, which broadcasts the source and destination of each TCP SYN packet it sees to other computers
running LISYS, and a detection node, which processes the
information from the broadcasters. Each detection node
receives data from broadcasters and mails an administrator if
it detects a novel TCP connection. A detection node has an
array of detectors that as a group determine whether a packet is anomalous. In ARTIS [66], the architecture uses distributed detection strategy wherein each detection node uses
a different representation: it filters incoming strings through
a randomly generated permutation mask. This technique of
having a different representation for each detection node is
equivalent to multiple detector shapes (hence, changing the
shape of the detectors), while keeping the “shape” of the self
set constant.
Balthrop et al. [63] used a simpler version of LISYS [58]
and developed a system that monitors network traffic and is
deployed on individual hosts. A detector set is distributed to
each of the hosts in the network, and TCP connections, based
on triplets, are monitored using these detectors. Diversity is
created through each host independently reacting to self and
non-self. The system uses a negative selection algorithm to
mature 49-bit binary detectors, which are tested against connections collected during a training period. The matured
detectors are then deployed on a live network. The matching
function used is r-contiguous and the detectors are improved
through affinity maturation.
Spam messages (or junk e-mail) fill electronic mailboxes
throughout the world. An extended examination of the
spam-detecting artificial immune system is undertaken here
[61]. An adaptive spam solution is implemented, which
will be able to adapt to both slow and rapid changes. The
spam immune system distinguishes between a self of legitimate e-mail (non-spam) and a non-self of spam. The central part of the system is its detectors and lymphocytes.
Detectors are regular expressions made by randomly
recombining information from a set of libraries. These regular expressions match patterns in the entire message. Digital lymphocyte consists of an antibody and two associated
weights—the cumulated weighted number of spams
matched and the messages matched. The gene library contains partial patterns used to build the full patterns used in
lymphocytes. Three libraries were tested—heuristic, which
emerged as the most accurate for classification, the
Bayesian token library and English word libraries that performed significantly worse.
In [51] the authors, specifically relating to computer
security discuss virus detection and process anomaly detection, describe several different approaches. In UNIX
processes, changes in behavior were detected through short
range correlation of process system calls, especially for root
processes. Viruses were detected through change detection
on files, as also through the use of decoys or honeypots,
which use signature-based approach and monitor decoy
programs and build signatures based on their changes. The
system is host-based, looking specifically at privileged
processes, and runs on a system that is connected to the
network. The system collects information in a training
period, which is used to define self. This information is in
the form of root user ‘sendmail’ command sequences,
which is used to construct a database of normal commands.
These commands are examined and compared with entries
in this database. A command-matching algorithm is implemented wherein new traffic is compared with the defined
behavior in the database. Intrusions are detected whenever
the level of mismatches with entries in the database rises
above a predefined level.
An automated detection and response system for identifying malicious self-propagating code and stopping its
spread has been the goal in [65]. Numerous mechanisms
were implemented, which were inspired from the differentiation states of T-cells that can be grouped into particular
status subsets that can be used to classify the types of Tcells. From these classifications, the various roles of diverse
T-cell types can be seen. Design of a new AIS model,
CARDINAL (Cooperative Automated worm Response and
Detection ImmuNe ALgorithm), is described, which has
the potential to operate as a cooperative automated worm
detection and response system. In particular, three key
properties of T-cells have been identified: T-cell proliferation to optimize the number of peer hosts polled, T-cell
differentiation to assess attack severity and certainty, and Tcell modulation and interaction to balance local and peer
information. The T-cell algorithm worked in unison with
the novel danger-theory inspired system [62]. Danger theory model appears to be useful in cyber security, as not all
abnormal events (non-self) represent attacks, rather a small
percentage of such events are of real concern. Some simple
observations can be used to trigger a chain of defensive
actions, but the challenge is clearly to define what constitutes suitable danger signals.
B. Application in Fault Detection
The field of fault diagnosis needs to accurately predict or
recover from faults occurring in plants, machines like refrigeration systems, communications like telephone systems and
transportations like Aircrafts. In [45], the approach is to use
the ‘Learning Vector Quantization’ (LVQ) to determine a
correlation between two sensors from their outputs when
they work properly. Each sensor is equated to a B-cell in an
immune network, and sensors test one another’s outputs to
see whether they are normal using the extracted correlations.
Here, reliability of the sensor is used in lieu of the similarity
to neighbors. In the field of fault diagnosis, there has also
been some interest in creating distributed diagnostic systems.
Initial work in [46] proposed a parallel-distributed diagnostic
algorithm. However, the authors likened their algorithm to
that of an immune network, due to its distributed operation,
and the systems emergent co-operative behavior between
sensors. This work was then continued [47] and active diagnostic mechanism [48] was included. Active diagnosis
The biological immune system can be
envisioned as a multilayer protection
system, where each layer provides
different types of defense mechanisms
for detection, recognition and responses.
continually monitors for consistency between the current
states of the system with respect to the normal state. Each
sensor can be equated with a B-cell, connected via the
immune network with each sensor maintaining a time-variant record of sensory reliability, thus creating a dynamic system. This work differs from the above in the way in which
the reliability of each sensor is calculated.
In an interesting work [60] involving Aircraft Fault detection, experiments were performed with datasets collected
through simulated failure conditions using NASA Ames C-17
flight simulator. Three sets of in-flight sensory information—
namely, body-axes roll rate, pitch rate and yaw rate—were
considered to detect five different simulated faults: one for
Engine, two for the Tails and two for the Wings. A real-valued negative selection algorithm, called MILD, was utilized to
detect a broad spectrum of known as well as unforeseen faults.
Once the fault was detected and identified, a direct adaptive
control system utilized the detection information to stabilize
the aircraft by utilizing available resources.
The MILD software tool implements an immunity-based
technique for anomaly and fault detection where a small
number of specialized detectors (as signatures of known failure conditions) and a set of generalized detectors for
unknown (or possible) fault conditions are. Once the fault is
detected and identified, an adaptive control system would
use this detection information to stabilize the aircraft by utilizing available resources (control surfaces). Experiments
were performed with datasets collected under normal and
various simulated failure conditions using a piloted motionbased NASA simulation facility. An Article on MILD project is available at NASA Web site.
Figure 5 illustrates the performance of the detection system
when tested with “full tail failure” data, where this type of
fault is manifested in pitch error rate (starting at the 1200th
time step). The graph also shows the number of detectors
NOVEMBER 2006 | IEEE COMPUTATIONAL INTELLIGENCE MAGAZINE
47
activated (lower bar chart), as significant deviations in data
patterns appear. The bar chart shows the arrangement of the
detectors with increased radius.
MILD - a Fault
Detection Tool
Based on the
Negative Selection
Algorithm Inspired
by the Human
Immune System.
MILD v1.0
Detector Generation
Anomaly Detection
EXIT
Immunity-based
Fault Detection
System
MILD: Fault Detection
MILD v1.o
Detection
Result
1.5
1
Detection
Information
System Input
ALERT
SIGNAL
C:\Documents and Settings\FIT
Load Testing Data
Roll
Pitch
Yaw
Load Detectors
C:\Documents and Settings\FIT
0.5
Detectors created on:
0
20-Aug-2004 22:49:11
−0.5
−1 0
Total Number
Of Detectors:
200
400
600
Min. Radius:
800
1000
1200
0.17
1400
1600
1800
Max. Radius:
Isolation
Result
Type of
Activated Detectors:
3
Overlapping:
1
0.56
Detection Window
0
E
50
100
Sensitivity(threshold):
0
Detector_Distribution_Plot
50 %
100
Detector Distribution Plot
30
Number of Times Activated
Window Size:
103
2000
25
1
20
Detect
0.8
Restart
0.6
15
0.4
10
0.2
5
0
1
Detector Generation
EXIT
1
0
0
0.5
20
60
40
80
Ordered Detector Index
100
0.5
0 0
FIGURE 5 Illustrates the performance of the detection system when
tested with “full tail failure” data, where this type of fault is manifested in pitch error rate (starting at the 1200th time step). The graph
also shows the number of detectors activated (lower bar chart), as
significant deviations in data patterns appear. The bar chart shows
the arrangement of the detectors with increased radius.
TABLE 2
COMPUTATIONAL
PROBLEM
TYPICAL
APPLICATIONS
SELF/NON-SELF
RECOGNITION
ANOMALY OR
CHANGE
DETECTION
- COMPUTER
SECURITY
- FAULT DETECTION
IMMUNE NETWORK
THEORY AND
IMMUNE MEMORY
LEARNING
(SUPERVISED
UNSUPERVISED)
- CLASSIFICATION
- CLUSTERING
- DATA ANALYSIS
- STREAM DATAMINING
CLONAL SELECTION
SEARCH,
OPTIMIZATION
- FUNCTION
OPTIMIZATION
MOBILITY,
DISTRIBUTED
DISTRIBUTED
PROCESSING
- AGENT
ARCHITECTURES
- DECENTRALIZED
ROBOT CONTROL
INNATE IMMUNITY
DANGER THEORY
- NETWORK SECURITY
BIS ASPECT
48
IEEE COMPUTATIONAL INTELLIGENCE MAGAZINE | NOVEMBER 2006
IV. Conclusions
The biological immune system (BIS) is a subject of great
research interest because of its powerful information processing capabilities; in particular, understanding the distributed
nature of its memory, self-tolerance and decentralized control
mechanisms from an informational perspective, and building
computational models believed to better solve many science
and engineering problems. In the recent development of the
AIS field, existing models are being studied extensively, and
new ideas from immunology are explored, such as danger
theory. This survey found that NS algorithms are widely used
compared to other AIS approaches. In a recent survey on AIS
by Garrett [42], he concluded that negative selection algorithms have a distinct process compared with other algorithms
and may be most suitable for certain applications. On the
other hand, Freitas et al. [43] pointed out that negative selection algorithms are not appropriate to be used as a general
classification method because they are a one-class
approach.However, Gonzalez [67] demonstrated that NS
algorithm can be used to generate samples for the underrepresented class (a class with a few samples). Stibor et al. raised
several possibilities that negative selection algorithms in general or certain specific models may not be appropriate [44], but
the real weakness of the method, which likely may exist, was
not satisfactorily identified. Both the relatively popular usage
of this method in diverse applications and the doubt about its
value justify a thorough review on this approach in order to
avoid existing and potential misconceptions and to facilitate its
development or evolution. Table 2 summarizes the mostly
studied models of AIS.
Despite many successes of AIS techniques, there remain
some open issues. Most importantly, the uniqueness and
usability of each model needs to be determined; as the field is
relatively new, most of the existing works have been
exploratory, and these algorithms do not scale well. Among
others, the following are some aspects that have to be
addressed in order to make the AIS a real-world problem solving technique:
❏ Improvement in the efficiency of the algorithms.
❏ Enhancement of the representation.
❏ Introduction of other immune mechanisms.
❏ Development of unified architecture that can integrate several AIS models.
References
[1] D. Bradley and A. Tyrrell, “Immunotronics: Hardware fault tolerance inspired by the
immune system,” in Proceedings of the 3rd International conference on Evoluable Systems
(ICES2000), vol. 1801. Springer-Verlag, Inc., pp.11–20, 2000.
[2] L.N. de Castro and F.J. Von Zuben, “An immunological approach to initialize feedforward
neural network weights,” in International Conference on Artificial Neural Networks and Genetic
Algorithms (ICANNGA ‘01), pp. 126–129, 2001.
[3] A. Tarakanov and D. Dasgupta, “An immunochip architecture and its emulation,” in 2002
NASA/DoD Conference on Evolvable Hardware, Alexandria, VA, USA, pp. 261–265, 2002.
[4] E. Hart and P. Ross, “Exploiting the analogy between immunology and sparse distributed
memories: A system for clustering non-stationary data,” in Proceedings of the 1st International
Conference on Artificial Immune Systems (ICARIS), pp. 49–58, Sept. 2002.
[5] C.A. Coello and N.C. Cores, “A parallel implementation of the artificial immune system to
handle constraints in genetic algorithms: Preliminary results,” in Proceedings of the 2002 Congress
on Evolutionary Computation (CEC 2002), Honolulu, p. 819824, 2002.
[6] J. Kim and P. Bentley, “Toward an artificial immune system for network intrusion detection: An investigation of dynamic clonal selection,” in Proceedings of the 2002 Congress on Evolutionary Computation (CEC 2002), Honolulu, Hawaii, pp. 1244–1252, 2002.
[7] D. Dasgupta, “Immune-based intrusion detection system: A general framework,” in Proceedings of the 22nd National Information Systems Security Conference (NISSC), 1999.
[8] D. Dasgupta, Y. Cao, and C. Yang, “An immunogenetic approach to spectra recognition,”
in Proceedings of Genetic and Evolutionary Computational Conference (GECCO 1999), vol. 1.
Orlando, Florida, USA: Morgan Kaufmann, pp. 149–155, July 13–17, 1999.
[9] P.D. Williams, K.P. Anchor, J.L. Bebo, G.H. Gunsh, and G.D. Lamont, “Cdis: Towards a
computer immune system for detecting network intrusions” Lecture notes in Computer Science,
vol. 2212, pp. 117–133, 2001.
[10] A. Tarakanov and D. Dasgupta, “A formal model of an artificial immune system,” BioSystem, vol. 55, pp. 151–158, 2000.
[11] J.I. Timmis, “Artificial immune systems: A novel data analysis technique inspired by the
immune network theory,” Ph.D. dissertation, University of Wales, Aberystwyth, UK, 2000.
[12] L.N. de Castro and F.J. Von Zuben (2000a). “The clonal selection algorithm with engineering applications,” in Proceedings of GECCO 2000, pp. 36–39, 2000.
[13] L.N. de Castro and F.J.V. Zuben, “aiNet: An artificial immune network for data analysis,”
in Data Mining: A Heuristic Approach, H.A. Abbass, R.A. Sarker, and C.S. Newton, Eds.
Idea Group Publishing, USA, pp. 231–259, March 2001.
[14] O. Nasraoui, F. Gonzalez, C. Cardona, C. Rojas, and D. Dasgupta, “A scalable artificial
immune system model for dynamic unsupervised learning,” in Proceedings of the Genetic and Evolutionary Computation Conference (GECCO 2003), ser. LNCS 2723. Chicago, IL: Springer, pp.
219–230, July 2003.
[15] A. Iqbal and M.A. Maarof, “Towards danger theory based artificial APC model: Novel
metaphor for danger susceptible data codons,” in Proceedings of Third International Conference on
Artificial Immune Systems (ICARIS 2004), pp. 161–174, 2004.
[16] S. Stepney, R.E. Smith, and J. Timmis, et al., “Towards a conceptual framework for artificial immune systems,” in Proceedings of Third International Conference on Artificial Immune Systems
(ICARIS 2004), pp. 53–64, 2004.
[17] Z. Ji and D. Dasgupta, “Real-valued negative selection algorithm with variable-sized
detectors,” in LNCS 3102, Proceedings of GECCO, pp. 287–298, 2004.
[18] Z. Ji and D. Dasgupta, “Applicability issues of the real-valued negative selection algorithms,” in Genetic and Evolutionary Computation Conference (GECCO), pp. 111–118, July 8–12,
2006.
[19] J.C. Galeano, A. Veloza-Suan, and F.A. Gonzalez, “A comparative analysis of artificial
immune network models,” in GECCO 2005: Proceedings of the 2005 conference on Genetic and
evolutionary computation, Washington DC, USA: ACM 320 Press, vol. 1, pp. 361–368, June
25–29, 2005.
[20] P.S. Andrews and J. Timmis, “Inspiration for the next generation of artificial immune systems,” in ICARIS, pp. 126–138, 2005.
[21] T. Stibor, J. Timmis, and C. Eckert, “A comparative study of real-valued negative selection to statistical anomaly detection techniques,” in ICARIS, pp. 262–275, 2005.
[22] U. Aickelin and S. Cayzer, “The Danger Theory and Its Application to Artificial Immune
Systems,” In the Proceedings of 1st International Conference on Artificial Immune Systems (ICARIS),
University of Kent at Canterbury, UK, Sept. 9–11, 2002.
[23] J. Twycross and U. Aickelin, “Libtissue-Implementing Innate Immunity, In the Proceedings
of IEEE World Congress on Computational Intelligence, Vancouver, Canada, July 17–21, 2006.
[24] J. Hunt, J. Timmis, D. Cooke, M. Neal, and C. King, “Jisys: The development of an
Artificial Immune System for real world applications,” Applications of Artificial Immune Systems,
D. Dasgupta Ed., Pub. Springer-Verlag, ISBN 3-540-64390-7, pp. 157–186, 1999.
[25] S.A. Hofmeyr and S. Forrest, Architecture for an artificial immune system, Evolutionary Computation, vol. 8, no. 4, pp. 443–473, 2000.
[26] D. Dasgupta, S. Yu, and N.S. Majumdar, “MILA—multilevel immune learning
algorithm,” In Proceedings of the Genetic and Evolutionary Computation Conference (GECCO
2003), LNCS 2723, pp. 183–194, Chicago, IL, Springer, July 12–16, 2003.
[27] O. Nasraoui, F. Gonzalez, and D. Dasgupta, “The fuzzy ais: Motivations, basic concepts,
and applications to clustering and web profiling,” In IEEE International Conference on Fuzzy
Systems, pp. 711–717, Hawaii, May 12–17, 2002.
[28] A.K. Abbas and A.H. Lichtman, “Cellular and Molecular Immunology,” Saunders, 2000.
[29] N.K. Jerne, Towards a network theory of the immune system. Ann. Immunol. (Inst.
Pasteur), 125C, pp. 373–389, 1974.
[30] S. Forrest, A.S. Perelson, L. Allen, and R. Cherukuri, “Self-Nonself Discrimination in a
Computer,” In Proceedings of the 1994 IEEE Symposium on Research in Security and Privacy, Los
Alamitos, CA: IEEE Computer Society Press, 1994.
[31] J. Timmis, M. Neal, and J. Hunt, “Data analysis with artificial immune systems and cluster
analysis and kohonen networks: Some comparisons,” In Proc. of IEEE Int. Conf. Systems and
Man and Cybernetics, pp. 922–927, Tokyo, Japan. 1999.
[32] J. Timmis, M. Neal, and J. Hunt, “An Artificial Immune System for Data Analysis,” In
the Proceedings of the International Workshop on Intelligent Processing in Cells and Tissues (IPCAT),
1999.
[33] T. Knight and J. Timmis, “Assessing the performance of the resource limited artificial
immune system AINE,” Technical Report 3-01, Canterbury, Kent. CT2 7NF, May 2001.
[34] F. Gonzalez and D. Dasgupta, “An Immunogenetic Technique to Detect Anomalies in
Network Traffic,” In the Proceedings of the International Conference Genetic and Evolutionary Computation (GECCO), New York, July 9–13, 2002.
[35] Wierzchon & Kuzelewska, “Stable Clusters Formation in an Artificial Immune System,”
In 1st International Conference on Artificial Immune Systems (ICARIS), University of Kent at
Canterbury, UK, Sept. 9th–11th, 2002.
[36] Y. Cao and D. Dasgupta, “An Immunogenetic Approach in Chemical Spectrum Recognition,” Chapter 36 in the edited volume Advances in Evolutionary Computing (Ghosh &
Tsutsui, eds.), Springer-Verlag, Inc. Jan. 2003.
[37] D. Dasgupta and S. Forrest, “Novelty Detection in Time Series Data using Ideas from
Immunology,” In ISCA 5th International Conference on Intelligent Systems, Reno, Nevada, June
19–21, 1996.
[38] J. Timmis, M. Neal, and T. Knight, “AINE: Machine Learning Inspired by the Immune
System,” Published in IEEE Transactions on Evolutionary Computation, June 2002.
[39] K. Krishnakumar and J. Neidhoefer, Immunized Adaptive Critic for an Autonomous Aircraft Control Application, Chapter 20 in the book entitled Artificial Immune Systems and
Their Applications, Publisher: Springer-Verlag, Inc., pp. 221–240, Jan. 1999.
[40] P, Matzinger, “The Danger Model in Its Historical Context,” Scandinavian Journal of
Immunology, vol. 54, pp. 4–9, 2001.
[41] P. Matzinger Tolerance, “Danger and the Extended Family,” Annual Review of
Immunology, vol. 12, pp. 991–1045, 1994.
[42] S.M. Garrett, “How do we evaluate artificial immune systems?” Evolutionary Computation,
vol. 13, no. 2, pp. 145–178, 2005.
[43] A.A. Freitas and J. Timmis, “Revisiting the Foundations of Artificial Immune Systems: A
Problem-oriented Perspective,” In the Proceeding of Second International Conference on Artificial
Immune Systems (ICARIS), Napier University, Edinburgh, UK, September 1–3, 2003.
[44] T, Stibor Philipp Mohr, Jonathan Timmis, and Claudia Eckert, “Is Negative Selection
Appropriate for Anomaly Detection?” In the Proceedings of the Genetic and Evolutionary Computation Conference (GECCO), Washington, D.C., June 25–29, 2005.
[45] H. Bersini and F. Varela, “Hints for Adaptive Problem Solving Gleaned from Immune
Network,” In Parallel Problem Solving from Nature, pp. 343–354, 1990.
[46] M. Kayama, Y. Sugita, Y. Morooka, and S. Fukuodka, “Distributed diagnosis system
combining the immune network and learning vector quantization,” Proc. of IEEE 21st International Conference on Industrial Electronics and Control and Instrumentation. Orlando, USA.
pp. 1531–1536, 1995.
[47] Y. Ishida, “Fully Distributed Diagnosis by PDP Learning Algorithm: Towards Immune
Network PDP Model,” Proc. of International Joint Conference on Neural
Networks, San Diego, pp. 777–782, 1990.
[48] Y. Ishida, “Distributed and autonomous sensing based on immune network,” Proc. of Artificial Life and Robotics, Beppu. AAAI Press, pp. 214–217, 1996.
[49] M. Neal, “Meta-Stable Memory in an Artificial Immune Network,” In the Proceedings of
Second International Conference on Artificial Immune Systems (ICARIS), Napier University,
Edinburgh, UK, Sept. 1–3, 2003.
[50] P. D’haeseleer, S. Forrest, and P. Helman, “An immunological approach to change detection: Algorithms, analysis, and implications,” In Proc. of the 1996 IEEE Symposium on Computer
Security and Privacy, IEEE Computer Society Press, Los Alamitos, CA, pp. 110–119, 1996.
[51] S. Forrest, S.A. Hofmeyr, A. Somayaji, and T.A. Longstaff, “A sense of self for Unix
processes,” In Proc. of 1996 IEEE Symposium on Computer Security and Privacy, 1996.
[52] S. Forrest, S. Hofmeyr, and A. Somayaji, “Computer Immunology,” In Communications of
the ACM, vol. 40, no. 10, pp. 88–96, 1997.
[53] A. Somayaji, S. Hofmeyr, and S. Forrest, “Principles of a Computer Immune System,”
1997 New Security Paradigms Workshop, pp. 75–82, 1998.
[54] S.A. Hofmeyr and S. Forrest, “Immunity by Design: An Artificial Immune System,” In
Proc. of 1999 GECCO Conference, 1999.
[55] S.A. Hofmeyr, A. Somayaji, and S. Forrest, “Intrusion Detection using Sequences of
System Calls,” Journal of Computer Security, vol. 6, pp. 151–180, 1998.
[56] C. Warrender, S. Forrest, and B. Pearlmutter, “Detecting intrusions using system calls:
Alternative data models 1999,” IEEE Symposium on security and Privacy (1999).
[57] J. Kim and P. Bentley, “The human Immune system and Network Intrusion Detection,”
Proc. of 7th European Congress on Intelligent techniques—Soft Computing (EUFIT’99), Aachan.
Germany, Sept. 13–19, 1999.
[58] S. Forrest and M.R. Glickman, “Revisiting LISYS: Parameters and Normal behavior,” In
the Proc. of the Special Track on Artificial Immune Systems, WCCI.-CEC. May 2002.
[59] D. Dasgupta, “Using Immunological Principles in Anomaly Detection,” In Proc. of the
Artificial Neural Networks in Engineering (ANNIE’96), St. Louis, USA, Nov. 10–13, 1996.
[60] D. Dasgupta, K. KrishnaKumar, D. Wong, and M. Berry, “Negative Selection Algorithm
for Aircraft Fault Detection.” In the Proceedings of the Third International Conference, ICARIS
2004 on Artificial Immune Systems, Catania, Sicily, Italy, Sept., 2004.
[61] T. Oda and T. White, “Immunity from Spam: An Analysis of an Artificial Immune System for Junk Email Detection,” In the Proceedings of the Fourth International Conference, ICARIS
2005 on Artificial Immune Systems, Banff, Alberta, Canada, pp. 276–289, Aug. 2005.
[62] U. Aicklen, P. Bentley, S. Cayzer, J. Kim, and J. McLeod, “Danger Theory: The link
between ais and ids,” In the proceedings of the Third International Conference, ICARIS 2003 on
Artificial Immune Systems, Edinburgh, UK, pp. 156–167, 2003.
[63] J. Balthrop, S. Forrest, and M. Glickman, “Revisiting lisys: Parameters and normal behavior,” Proceedings of the Congress on Evolutionary Computation, pp. 1045–1050, 2002.
[64] S. Hofmeyr, An immunological model of distributed detection and its application to computer security, PhD thesis, University of New Mexico, 1999.
[65] J. Kim and W.O. Wilson, “Uwe Aickelin, and Julie McLeod,” Cooperative Automated Worm Response and Detection ImmuNe ALgorithm (CARDINAL) Inspired by
T-cell Immunity and Tolerance. In the proceedings of the Fourth International Conference,
ICARIS 2005 on Artificial Immune Systems, Banff, Alberta, Canada, pp. 168–181, Aug.
2005.
[66] S.A. Hofmeyr and S. Forrest, “Architecture for an artificial immune system,” Evolutionary
Computation, vol. 8, no. 4, pp. 443–473, 2000.
[67] F. González, D. Dasgupta, and R. Kozma, “Combining negative selection and classification techniques for anomaly detection,” In Proceedings of the 2002 Congress on Evolutionary Computation CEC2002, pp. 705–710.
NOVEMBER 2006 | IEEE COMPUTATIONAL INTELLIGENCE MAGAZINE
49