Download T 2

INFORMATION SECURITY WITH FORMAL
IMMUNE NETWORKS
Alexander O. Tarakanov
Russian Academy of Sciences
St. Petersburg Institute for Informatics and Automation
14-line, 39, St.Petersburg, 199178, Russia
[email protected]
Abstract. We propose a biological approach to information security based on a
rigorous mathematical notion of formal immune network. According to our
previous developments, such networks possess all the main capabilities of
artificial intelligence system, and could be considered as an alternative to the
wide spread artificial neural networks or intelligent agents. We consider also
the main distinctions of our approach from the modern information security by
agent-based modeling and artificial immune systems.
1 Introduction
Nowadays the natural immune system is treated by specialists as “the second brain of
vertebrates'' [3]. In fact, the immune system possesses all the main features of
Artificial Intelligence (AI) systems: memory, ability to learn, to recognize and to
make decision how to treat any macromolecule (antigen) even if the latter has never
existed before on the Earth. Of especial interest for computer science is the
widespread theory of immune networks, formed by the interactions between specific
proteins (antibodies) of the immune system. The existence of such networks is
established now beyond all doubts, because their fragments and interactions have
been detected experimentally by molecular immunology. It is worth to note that
almost the similar networks under the name of molecular circuits have been even
proposed as a possible molecular basis of neuronal memory in the human brain [1].
Based on biological principles of immune system, there arises a new and rapidly
growing field of Artificial Immune Systems (AIS), offering powerful and robust
information processing capabilities for solving complex problems [4]. Like Artificial
Neural Networks (ANN), AIS can learn new information, recall previously learned
information, and perform pattern recognition in a highly decentralized fashion. AIS
have already been applied in several specific problems, including information
security, faults detection, vaccine design, control of robots, data mining, etc.
Among these applications, information security becomes increasingly important
for everyday life. The matter is that the growing scale of computer networks and
sophisticated software codes make them more and more vulnerable to alien intrusions,
such as computer viruses, non-authorized access, intentional corruption, etc. Such
intrusions could cause rather serious failures of computer-based information and
control systems. The example of the well-known Y2K problem shows how deeply
such failures could affect our society.
In the same time, currently used computer security systems show insufficient
speed, reliability, flexibility and modularity to satisfy the modern requirements [11].
That is why AIS seem to be the most perspective way to accept the challenge of
modern information security on the basis of the highly appropriate biological
prototype.
In fact, computer viruses could be inferenced from J.von Neumann's studies of
self-replicating mathematical automata in the 1940s. Although the idea of programs
that could infect computers dates to the 1970s, the analogy between information
security and biological processes was recognized in 1987, when the term "computer
virus" was introduced by Adelman [7]. The idea of using immunological principles in
information security started since 1994 when S.Forrest and her team have been
working on a research project with a long-term goal to build AIS for computers.
Nowadays several of such AIS are being under development, but all of them represent
a set of heuristic algorithms, using ideas from genetic algorithms, ANN, agent-based
modeling, etc.
However, there exists a strong need for a proper mathematical basis of AIS in
general, and, especially, of AIS designed for information security. The problem is
caused by very specific objects and interactions of immune networks, which differ
remarkably from any of genetic algorithm, cellular automata, ANN, or intelligent
agent. On the other hand, such mathematical basis could raise AIS up to the level of
the widely spread ANN, and even allow to speak about hardware implementation of
AIS in a new kind of computer – immunocomputer [15].
Thus, our paper is intended to fulfill the existing gap. Our general goal is a
rigorous mathematical basis of immune networks intended for information security
assurance. This goal can be accomplished by developing the novel mathematical
notion of formal immune network [15] and its application to the field of information
security. We consider also main distinctions of immune networks from modern
information security approaches by agent-based modeling and AIS.
2 Modern Information Security with AIS
Though there are many security-related products and technologies, yet there exist no
detection system that can catch all types of different violations in networked computer
systems and the potential threats and vulnerabilities remain intractable. An influx of
new approaches is needed to enhance security measures. Researches have been
exploring various AI-based approaches for intrusion detection. Among them agentbased modeling seems to become more and more promising, because Internet evolves
towards an open, free-market information economy of automated agents buying and
selling a rich variety of goods and services. Over time, agents will progress naturally
from being mere facilitators of electronic commerce transactions to being financial
decision-makers in their own right. Ultimately, inter-agent economic transactions may
become an inseparable and perhaps dominant portion of the world economy.
Thus, in the agent-based systems, humans delegate some of their decision-making
processes to programs that are in some sense intelligent, mobile, or both. "Intelligent"
agents have reasoning capabilities, e.g., rule-based inferencing, probabilistic decision
analysis, and/or learning. For example, an agent-based model of information security
system is proposed in [8] based on ontology (a network with a sense of existence)
where agents solve, jointly, the entire multitude of tasks of information security. The
model introduces intelligent meta-agents that solve management and coordination of
decisions of the subordinate security agents.
Such approach to information security, as well as any other, has its strength and
weaknesses in real world applications. The matter is that the intent of information
security system is to provide the least amount of impact to the network performance.
But securing of a network by filling it with complicated intelligent agents and
ontology hardly corresponds to the intent. Moreover, any intelligent coordinating
center, such as meta-agent, becomes the most vulnerable object of the network itself.
Fortunately, we have the natural immune system, which solves the similar
problems, but in the way that is radically different from those of traditional
information security. The immune system involves many unreliable, short-lived, and
imperfect components (mainly B- and T-cells), which circulate at various primary and
secondary lymphoid organs of the body. There is no central organ or "meta-agent" that
controls the functions of the immune system. The system is autonomous and selfregulatory by nature. It is not "correct", because it sometimes makes mistakes.
However, in spite of these mistakes, it functions well enough to help keep most us
alive for many years, even though we encounter potentially deadly parasites, bacteria,
and viruses every day.
Up to date, related works on the field of immune-based information security are
concentrated on isolated ideas and mechanisms of the immune system (e.g. negative
selection algorithm [7]). But now there is a larger vision in terms of a set of
organizing principles and possible architectures for implementation.
For example, the work [5] focuses on the investigating of immunological principles
in designing a multi-agent system for intrusion/anomaly detection and response in
networked computers. In this approach, the immunity-based agents roam around the
machines (nodes or routers), and monitor the situation in the network (i.e. look for
changes such as malfunctions, faults, abnormalities, misuse, intrusions, etc.).
The types of agents and the scope of each agent type are considered to be similar in
function and purpose as that of immune cells: monitoring agents (correspond to Bcells), communicator agents (correspond to proteins secreted from T-cells to stimulate
B-cells and antibodies), decision/action agents (correspond to helper-, killer-, and
suppressor cells). The immune agents can simultaneously monitor networked
computer's activities at different levels (such as user level, system level, process level
and packet level) in order to determine intrusions and anomalies. They can mutually
recognize each other's activities, learn and adapt to their environment dynamically,
and detect both known and unknown intrusions.
The above example shows how fruitful it could be to translate the structure of the
human immune system into information security. However, several biological
solutions could not be directly applicable to our computers because of the serious
differences in basic elements and mode of functioning. We also have a risk to
overlook non-biological solutions that are more appropriate. So the success of the
analogy will be ultimately based on our ability to identify the correct level of
abstraction, preserving what is essential from an information security perspective and
discarding what is not.
Therefore, we propose another level of abstraction where the core consists in a
proper mathematical basis of immune networks. Our approach is somewhat analogous
to the proper mathematical basis of neural networks, abstracted from the features of
their biological prototype and leading to the wide spreading of the ANN [19].
3 Mathematical Basis of Information Security
Immunologists traditionally describe the problem solved by the immune system as the
problem of distinguishing "self" from dangerous "other" (or "nonself") and
eliminating other [3]. Self is taken to be the internal cells and molecules of the body,
and nonself is any foreign material, particularly bacteria, parasites, and viruses, as
well as degenerated self-cells. Distinguishing between self and nonself in natural
immune systems is difficult for several reasons. But the main reason is that the
components of the body are constructed from the same basic building blocks as
nonself, particularly proteins. Proteins are important constituent of all cells, and the
immune system processes them in various ways, including the processing in
fragments called peptides, which are short sequences of amino acids.
The problem of protecting computer systems from malicious intrusions can
similarly be viewed as the problem of distinguishing self from nonself. In this case
nonself might be an unauthorized user, foreign code in the form of a computer virus
or worm, unanticipated code in the form of a Trojan horse, or corrupted data, etc. In
principle, information security could be completely specified based on the abstract
representation of self and nonself as sets of bit strings, at that designated even as
"proteins" and "peptides"[7].
For example, "protein" could be a sequence of viral bytes in a legitimate program,
or a "signature" of computer virus. To preserve generality, in [9] it has been proposed
to represent both the protected system (self) and infectious agents (nonself) as
dynamically changing sets of bit strings, because in cells of the body the profile of
expressed proteins (self) changes over time. In [7] "peptide" for a computer system is
defined in terms of short sequences of system calls executed by privileged processes
in a networked operating system. Preliminary experiments on a limited testbed of
intrusions and other anomalous behavior show that short sequences of system calls
(currently sequences of length 6) provide a compact signature for self that
distinguishes normal from abnormal behavior. By this analogy proteins can be
thought of as "the running code" of the body while peptides serve as indicators of its
behavior [7].
More generally, from the viewpoint of computer science we can consider that
natural proteins (and peptides) realize main functions of information processing and
information security in the whole living Nature. In fact, namely the proteins recognize
and execute programs (instructions) represented in the form of genetic code. Being
the neuromediators and the receptors of neurons proteins control the electrical activity
of the brain. Proteins also can be considered as the main components of the immune
system: receptors of B-cells and T-cells, antibodies and messengers (factors,
limphokynes). Apparently, proteins should play the key role both for immune and
intellectual processes.
In spite of exceptional complexity of proteins' behavior there exist convincing
evidence for the following principles:
 function of any protein depends on its spatial conformation;
 this conformation, in its own turn, is determined by the linear sequence (word) of
amino acid’s code of given protein.
Based on the above postulates a mathematical notion of formal protein, or formal
peptide (FP), has been introduced in [14]. This notion abstracts a biophysical
principle of the free energy dependence over the space conformation of protein's
chain. According to [15], the model of FP demonstrates such important features of
protein, as a self-organized reaching of stable state (self-assembly, or folding), and its
dependence from the number and the order (non-commutativity) of the links.
The main condition for a protein to function is its binding with another protein (or
molecule). Such binding is highly specific (selective), because it depends like "key
and lock" on the existence of highly adjusted local shapes of interacting proteins. The
proposed model also permits to determine in a natural way the free energy of
interaction between FPs as a binding energy. As a result of interaction, a binding
(recognizing) of FPs occurs, if binding energy is lower than some threshold;
otherwise FPs do not bind.
As a result of binding, protein can change its spatial shape (the so-called allosteric
effect). Furthermore, by this effect protein can receive an ability to bind with such
molecule (antigen, antibody, messenger, transmitter, etc.), which it couldn't bind
before. Thus, new proteins are able to become involved in such process of subsequent
binding, forming networks of binding (or molecular circuits). Based on this fact we
have introduced the notion of (formal) network of binding, which implies any
subsequence of binding between FPs with allosteric effects.
For the modeling properties of immune networks we have supplied the networks of
binding with the models of reproduction and death of cells. For this purpose we have
introduced a notion of formal B-cell and defined a formal immune network (FIN) as a
network of bindings, which includes B-cells [15]. Unlike cellular automata or
artificial neural networks, with fixed elements and connections, FIN's elements (Bcells and FPs) are allowed to displace and to bind freely with each other.
Namely, formal B-cell is a 4-tuple
B = < P, Ip, Is, Im > ,
which includes formal protein P as a cell receptor, receptor state indicator Ip, cell
state indicator Is, and mutation indicator Im. A behavior of the B-cell is defined by
the following conditions:
1. B-cell can be only in the states Is = {0, 1, 2};
2. State Is = 0 corresponds to death when B-cell is destroyed;
3. State Is = 1 corresponds to recognition when B-cell possesses the abilities of its
receptor P;
4. Is = 2 corresponds to reproduction when B-cell is divided to the two copies with
the cell states Is = 1 and the receptor states determined by the Im;
5. Transition from the state Ir=1 to the state Ir=2 occurs only as a result of binding
between FPs.
For example, consider the simplest variant of FIN - an one-dimensional integervalued network 1DN(n, nh), which is defined by the following conditions:
1. Ip = {0, 1,..., n-1} for every B-cell. Accordingly, designate the states of receptors
as P(0), P(1), ... , P(n-1), and cell states as B(0), B(1), ... , B(n-1);
2. An integer-valued threshold of binding nh is given;
3. Energy of interaction between FPs is defined by the formula
w(P(i), P(j)) = min { (i-j)mod(n), (j-i)mod(n) } .
4. B-cells form one-dimensional sequence (population) without gaps, with beginning
(left) and ending (right);
5. If cell B(j) reproduces, then one of its copy remains on the former place, and the
other copy is added to the end of the population;
6. If cell B(j) dies, then the other cells shift to the left and fill the gap.
We have introduced and studied two kinds of 1DN: the so-called AB-networks and
BB-networks.
AB-network AB(n, nh) is defined as such 1DN, which possesses, apart from Bcells, also free FPs (antigens) of the n sorts: A(0), A(1), ... , A(n-1), with the
following rules of displacement and interaction:
1. Population of antigens is displaced over the population of B-cells so, that to every
B-cell no more than one antigen is corresponding.
2. Interaction is allowed only for the B-cell and the antigen over it.
3. B-cell dies, if there is no antigen over it, or if w > nh .
4. If w = 0 , then B-cell makes two precise copies of itself (without mutations).
5. If 0 < w  nh , then B-cell makes two copies of its nearest sorts (with mutations).
6. The interaction brings no influence on the antigen.
7. Interactions are realized consequently from left to right.
8. When the end of population is achieved, interactions continue from the beginning.
The following result has been proved for such networks:
Theorem 1.
If all antigens in a AB(n, nh) network are of the same sort, and at least one B-cell
binds an antigen, then after a finite number of steps, for every antigen a matching Bcell will correspond.
This result affirms, that even the simplest variant of FIN shows the mechanisms,
by which FPs (antigens) control reproduction and death of B-cells. Besides, we have
determined the conditions of arising and supporting of formal immune response,
which implies the B-cells' intention for acceptation of antigen's sort [15].
We have studied also a case, when several sorts of B-cell are generated and stored
by interactions between B-cells themselves, in the absence of any antigen. For this
purpose we have defined a notion of BB-network BB(n, nh), as 1DN with population
of B-cells satisfying to the following rules:
1. Interactions are allowed only between the neighboring B-cells with the numbers
2k-1, 2k , where k = 1,2, ... , is a number of the pair of B-cells;
2. If the last B-cell in population is odd (without pair) then it dies;
3. If w > nh , then the second B-cell in the pair dies and its place remains free;
4. If 0 < w  nh , then the second B-cell in the pair reproduces with mutations, where
the first copy remains at the former place, and the second copy is delayed;
5. After all pairs of the population have interacted once, B-cells are shifted to the left
for filling gaps remaining from the died cells;
6. Then the delayed copies are added to the end of the population in the increasing
order of their numbers.
Theorem 2.
For any initial population of any BB(n, nh) network only one of the three regimes is
possible: 1) death of all B-cells, 2) unlimited reproduction of B-cells, and 3) cyclic
reproduction of the initial population (formal immune memory).
Theorem 3.
For any n there exists such threshold nh that at least one cyclic regime is possible in
BB(n, nh) network.
In fact, there exists a number of cyclic regimes with several periods and
dimensions of populations, including those, where the number of B-cells changes
from population to population. Namely such regimes of FIN represent a mathematical
model of self-maintaining immune memory, where several sorts of B-cell are
generated and stored by interactions between B-cells themselves, in the absence of
any external antigen [17].
The obtained results show that even the simplest variants of FIN demonstrate such
important effects, as:
 immune response under the control of antigen;
 immune memory and generation of a new immune repertoire in the absence of
outer antigen by means of the cyclic regimes of FIN.
We have introduced also a notion of formal T-cell, which synthesizes FP of the
definite type when all receptors of the T-cell become bound by FPs. It has been
shown also in [15], that a special set of such T-cells, called T-FIN, is equivalent to an
inference engine for problem solving and decisions making.
In general, according to biological prototypes, the principal difference between the
mathematical models of immune networks and the models of neural networks is
determined by functions of their basic elements. If artificial neuron is considered as a
summation with a threshold, then FP as the basic element of FIN ensures selfassembly (folding) of its stable states, as well as a free binding with any other
element, as a function of their reciprocal states. Namely on the base of such
interaction between FPs we have developed the mathematical concept of FIN.
Theorems 1-3 demonstrate rigorously, that even the simplest variants of FIN possess
the intrinsic properties of immune memory and immune response.
4 Information Security with FIN
Consider an arbitrary column vector X = [ x1 ... xn ]T where upper case "T" is a symbol
of transposing and components x1,..., xn are real values and/or integers. Let such
vector represent a set of information security indicators. For example, it can be a bit
string of a legitimate program, a signature of computer virus, a coded sequence of
system calls, statistics of current activity of the network, etc. Consider a space {X} of
such indicators, partitioned to k subspaces (classes) {X} 1,...,{X}k . For example, k =
2, where {X}1 is normal behavior and {X}2 is "infection". Then, having a concrete
vector X, the task consists in determining it's class c = {X} c where c=1,...,k . Thus the
problem is reduced to the well-known pattern recognition.
The main feature of the FIN approach to pattern recognition consists in treating an
arbitrary pattern as a way of setting the binding energy between FPs [14]. The idea
follows from the principles of associative recognition of antigen by proteins
(antibodies and cells' receptors) of the natural immune system [3].
A mathematical basis of the approach was considered in a rather detailed way in
our previous works [10, 15]. It is based essentially on the properties of Singular Value
Decomposition (SVD) of an arbitrary matrix over the field of real numbers.
According to the approach the task of pattern recognition is solved as follows.
4.1 Supervised Learning
4.1.1 Folding vectors to matrices
Fold vector X of dimension n1 to a matrix A of dimension ni nj=n. It has been
shown strictly in [10], that such folding increases the specificity of recognition.
4.1.2 Learning
Form matrices A1,...,Ak for all classes 1,...,k , and compute singular vectors of the
matrices by the SVD:
{X1,Y1} – for A1 , ... , {Xk,Yk} – for Ak .
4.1.3 Recognition
Compute k values of binding energy for every input pattern A:
w1 = – X1TAY1 , ... , wk = – XkTAYk .
Determine the class to be found by the minimal value of the energy:
c : w c  min {w1 ,..., w k } .
c
4.2 Unsupervised Learning
Consider the matrix A = [ X1 ... Xm ] of dimension nm formed by m input vectors.
Compute the SVD of this matrix:
 w11 
 w21 
T
T


A  s1 ... Y1  s 2  ...  Y2  ... ,
 w1 
 w2 
 n
 n
(1)
where s1, s2 are the first two singular values, and Y1, Y2 are right singular vectors.
According to [10], there exists a rigorous correspondence between vectors and FPs.
Thus, consider two FPs: {FP1, FP2} as antibodies, which correspond to the vectors
Y1, Y2 . Consider also n FPs: {FP1,..., FPn}, which correspond to the strings of the
matrix A . Then every string Ai , which represents the values of the indicator number
i: i = 1, ... , n , is mapped to the two values {w1i, w2i} of binding energy between FPi
and antibodies :
w1i = w(FP1, FPi), w2i = w(FP2, FPi).
Therefore, every vector with n components can be represented and viewed as a
point in two-dimensional space of binding energies {w1, w2}. This plane could be
treated also as a shape space of FIN, according to [6]. Such representation of initial
data allows to classify vectors in a rigorous and visual way.
The results obtained in [10, 15] show, that this approach to pattern recognition is
rather effective. It is able to give fine classification and sharply focus attention on the
most dangerous situations. It is worth to note also, that the approach was successfully
used for processing indicators of the natural infections. Namely, it has allowed to
detect nontrivial similarities in the dynamics of infectional morbidity and to predict a
risk of the plague epizooty.
According to [9], information security is supposed to address five issues:
confidentiality, integrity, availability, accountability, and correctness. In the immune
system, however, there is really only one important issue, survival, which can be
thought as a combination of integrity and availability. Likewise, the immune system
is not concerned with protecting secrets, privacy, or other issues of confidentiality.
This is probably the most important limitation of the analogy, and one that we should
keep in mind when thinking about how to apply our knowledge of immunology to
problems of computer security.
Nevertheless, being a mathematical abstraction, FIN could be also applied to the
other issues of information security. Consider, for example, data hiding and
encryption.
According to [2], data hiding, a form of steganography, embeds data into digital
media for the purpose of identification, annotation and copyright. It represents a class
of processes used to embed data, such as copyright information, into various forms of
media such as image, audio, or text with a minimum amount of perceivable
degradation to the "host" signal; i.e., the embedded data should be invisible and
inaudible to a human observer. Note that data hiding, while similar to compression, is
distinct from encryption. Its goal is not to restrict or regulate access to the host signal,
but rather to ensure that embedded data remain inviolate and recoverable.
Let an arbitrary matrix A represent the initial data array. It could be an image, a
folded audio signal, etc. Consider the SVD of the matrix in the form (1). Let us add to
this sum a FP in the form sr+1Wr+1YTr+1 , where r is a rank of the matrix, WTr+1Wr+1 =
YTr+1Yr+1 = 1, sr > sr+1 , and sr is a minimal singular value of the matrix. According to
the mathematical properties of SVD, such FP only slightly disturbs the matrix.
Although such disturbance is invisible or inaudible to a human observer, the presence
of the "hidden" FP can be surely detected in the shape space of FIN. So FIN functions
like the natural immune system, which verifies identity by the presence of peptides, or
protein fragments.
Consider now data encryption. In modern cryptography, the secret of keeping
encrypted information is based upon a widely known algorithm and a string of
numbers that is kept secret called a key. The key is used as a parameter to the
algorithm to encrypt and decrypt the data. Decryption with the key is simple, but
without the key is very difficult and in some cases nearly impossible. Therefore the
"fundamental rule of cryptography" is that both sides of the message transfer know
the method of encryption used [13].
As an example of encryption, consider a BB(n,nh) network from the previous
section. According to Theorem 3, such network possesses a cyclic regime for any n .
Specifically, in the network BB(10,2) for any sort i = 0, ... , 9 of B-cells the following
populations repeating with the period 4 :
(i+2) (i) (i-2) (i) .
For example,
1979  187800  1770991  17980  1979  … .
Consider now the numbers {10, 2} as a key, which define the network BB(10,2).
Then the string 1979 could encrypt the string 1770991. Knowing the key, the data
could be decrypted, say, as the string of the maximal length, generated by the network
BB(10,2) from the given string 1979. Although the example seems rather simple, it
shows the principal possibility of using FIN in cryptography.
5 Conclusion
The developing of the FIN theory has already appeared to be useful in solving a
number of important real world tasks, including detection dangerous ballistic
situations in near-Earth space, complex evaluation of ecological and medical
indicators in Russia, and prediction danger by space-time dynamics of the plague
infection in Central Asia [10, 15, 18]. In addition, FIN could be successfully applied
for synchronization of events in computer networks [15] and even for online virtual
clothing in Internet [16].
The obtained results show, that FIN is rather powerful, robust and flexible
approach to pattern recognition, problem solving, and modeling of natural systems
dynamics. Thus, FIN could be effectively applied also for information security
assurance. An advantage of FIN in this field could be seen as a sharp and surely
focusing attention on the most dangerous situations, especially in the cases that are
beyond the power of traditional statistics or AI (e.g. see [18]).
Therefore, we should like to highlight three features, which determine perspectives
of FIN approach to information security:
 highly appropriate biological prototype of immune networks;
 rigorous mathematical basis of FIN;
 possibility of hardware implementation of FIN by special immune chips.
It is worth to note, that the theory of FIN gives a mathematical basis for developing
special immune chips proposed to be called also as immunocomputers (IC). Besides,
the properties of the biological immune networks admit to hope, that IC would be able
to overcome the main deficiencies that block the wide application of neurocomputers
[19] in those fields, where a cost of a single error could be too high. An important
example of such field gives us information security. Thus, IC could raise the
information security issues to a new level of reliability, flexibility and operating
speed.
Acknowledgement
This work is supported by the EU in the frame of the project IST-2000-26016
"Immunocomputing".
References
1. Agnati, L.F.: Human brain in science and culture (in Italian). Casa Editrice Ambrociana,
Milano (1998)
2. Bender, W., Gruhl, D., Morimoto, N., Lu A.: Techniques for data hiding. IBM Systems J.
Vol. 35, 3-4 (1996) 313-336
3. Coutinho, A.: Immunology: the heritage of the past. Letters of the L.Pasteur Institute of Paris
(in French). 8 (1994) 26-29
4. Dasgupta, D. (ed.): Artificial immune systems and their applications. Springer-Verlag, Berlin
Heidelberg New York (1999)
5. Dasgupta, D.: Immunity based intrusion detection system: a general framework. In: Proc. of
the 22th National Information Security Conference. Arlington, Virginia, USA (1999)
6. DeBoer, R.J., Segel, L.A., Perelson, A.S.: Pattern formation in one and two-dimensional
shape space models of the immune system. J. Theoret. Biol. 155 (1992) 295-333
7. Forrest, S., Hofmeyer, S., Somayaji, A.: Computer immunology. Communication of the
ACM, Vol. 40, 10 (1997) 88-96
8. Gorodetsky, V.I., Kotenko, I.V., Popyack, L.J., Skormin, V.A.: Agent based model of
information security system: architecture and framework for behavoir coordination. In: Proc.
of the 1st Int. Workshop of Central and Eastern Europe on Multi-Agent Systems
(CEEMAS’99). St.Petersburg, Russia, (1999) 323-331
9. Hofmeyr, S., Forrest, S.: Immunity by design: an artificial immune system. In: Proc. of the
Genetic and Evolutionary Computation Conference (GECCO-99). (1999) 1289-1296
10. Kuznetsov, V.I., Milyaev, V.B., Tarakanov, A.O.: Mathematical basis of complex
ecological evaluation. St.Petersburg University Press (1999)
11. Scormin, V.A., Delgado-Frias, J.G.: Biological Approach to System Information Security
(BASIS), A White Paper. Air Force Research Lab., Rome, NY (2000)
12. Somayaji, A., Hofmeyr, S., Forrest, S.: Principles of a computer immune system. In: New
Security Paradigms Workshop, ACM (1998) 75-82
13. Tannenbaum, A.S.: Computer networks. 3rd edn. Prentice Hall (1996)
14. Tarakanov, A.O.: Mathematical models of biomolecular information processing: formal
peptide instead of formal neuron (in Russian). In: Problems of Informatization J. 1 (1998)
46-51
15. Tarakanov, A.: Formal peptide as a basic agent of immune networks: from natural
prototype to mathematical theory and applications. In: Proc. of the 1st Int. Workshop of
Central and Eastern Europe on Multi-Agent Systems (CEEMAS’99). St.Petersburg, Russia
(1999) 281-292
16. Tarakanov, A., Adamatzky, A.: Virtual clothing in hybrid cellular automata. (2000)
http://www.ias.uwe.ac.uk/~a-adamat/clothing/cloth_06.htm
17. Tarakanov, A., Dasgupta, D.: A formal model of an artificial immune system. In:
BioSystems J. Vol. 55, 1-3 (2000) 151-158
18. Tarakanov, A., Sokolova, S., Abramov, B., Aikimbayev, A.: Immunocomputing of the
natural plague foci. In: Proc. of Int. Genetic and Evolutionary Computation Conference
(GECCO-2000), Workshop on Artificial Immune Systems. Las Vegas, USA (2000) 38-39
19. Wasserman, P.: Neural computing. Theory and practice. Van Nostrand Reihold, New York
(1990)