Open AccessThis article is
- freely available
An Immunity-Based Anomaly Detection System with Sensor Agents
Department of Information Network and Communication, Kanagawa Institute of Technology/1030, Shimo-ogino, Atsugi, Kanagawa 243-0292, Japan
Department of Knowledge-Based Information Engineering, Toyohashi University of Technology/1-1, Tempaku, Toyohashi, Aichi 441-8580, Japan
* Author to whom correspondence should be addressed.
Received: 30 June 2009; in revised form: 5 November 2009 / Accepted: 9 November 2009 / Published: 18 November 2009
Abstract: This paper proposes an immunity-based anomaly detection system with sensor agents based on the specificity and diversity of the immune system. Each agent is specialized to react to the behavior of a specific user. Multiple diverse agents decide whether the behavior is normal or abnormal. Conventional systems have used only a single sensor to detect anomalies, while the immunity-based system makes use of multiple sensors, which leads to improvements in detection accuracy. In addition, we propose an evaluation framework for the anomaly detection system, which is capable of evaluating the differences in detection accuracy between internal and external anomalies. This paper focuses on anomaly detection in user’s command sequences on UNIX-like systems. In experiments, the immunity-based system outperformed some of the best conventional systems.
Keywords: immunity-based system; anomaly detection; intrusion detection; sensor agent; hidden Markov model; receiver operating characteristics
Citations to this Article
Cite This Article
MDPI and ACS Style
Okamoto, T.; Ishida, Y. An Immunity-Based Anomaly Detection System with Sensor Agents. Sensors 2009, 9, 9175-9195.
Okamoto T, Ishida Y. An Immunity-Based Anomaly Detection System with Sensor Agents. Sensors. 2009; 9(11):9175-9195.
Okamoto, Takeshi; Ishida, Yoshiteru. 2009. "An Immunity-Based Anomaly Detection System with Sensor Agents." Sensors 9, no. 11: 9175-9195.