Comparing the Performance of Artificial Immune System and Self-Organizing Map Approaches to Anomaly Detection

Abstract:

The natural immune system (NIS) provides a rich source of inspiration for computer security in the age of the Internet. The artificial immune system (AIS) is one of the promising techniques that seek to capture some aspects of the natural immune system. Meanwhile, the self-organizing map (SOM) technique has performed the best, among some unsupervised learning techniques, for clustering input data. For this reason, the paper presents a comparative anomaly detection test of the two techniques, based on unsupervised learning and evolutionary computation. The international DARPA data set is used to train and test the feasibility of the two techniques. Experimental results show that AIS achieves a good detection rate, comparable to that of SOM (95% versus 97%). However, AIS outperforms SOM with its lower false alarm rate (1% versus 4%). Moreover, the anomaly detection function generated by the AIS technique is relatively smoother. This is a clear advantage, as the function is stable and less sensitive to changes in the threshold.