
Artificial Immune Network Clustering Approach for Anomaly Intrusion Detection

Murad Abdo Rassam¹ and Mohd. Aizaini Maarof²
1. Universiti Teknologi Malaysia, Faculty of Computer Science and Information Systems, 81310, Skudai, Johor, Malaysia
2. Universiti Teknologi Malaysia, Faculty of Computer Science and Information Systems, 81310, Skudai, Johor, Malaysia

Abstract—Many Intrusion Detection approaches (IDS) have been developed in the literature. Signature-based approaches for anomaly detection need to be updated with the latest signatures of unknown attacks and are hence impractical. Anomaly-based approaches, on the other hand, suffer from high false alarms as well as low detection rates and need a labeled dataset to construct the detection profile. In fact, this kind of labeled dataset cannot be obtained easily. In this paper, we investigate the application of a bio-inspired clustering approach, named Artificial Immune Network, for clustering attacks for intrusion detection systems. To reduce the dimension of the DARPA KDD Cup 1999 dataset, the Rough Set method was applied to get the most significant features of the dataset. Then the Artificial Immune Network clustering algorithm, aiNet, was applied on the reduced dataset. The results show that the detection rate was enhanced when the most significant features were used instead of the whole feature set. In addition, they show that the Artificial Immune Network is robust in detecting novel attacks.

Index Terms—IDS, Feature Reduction, Artificial Immune Network, Clustering

Cite: Murad Abdo Rassam and Mohd. Aizaini Maarof, "Artificial Immune Network Clustering Approach for Anomaly Intrusion Detection," Journal of Advances in Information Technology, Vol. 3, No. 3, pp. 147-154, August 2012. doi:10.4304/jait.3.3.147-154