A secondary immune response based on co-evolutive populations of agents for anomaly detection and characterization
This work addresses anomaly detection in unknown environments, likely for cybersecurity or monitoring applications, but it appears incremental as it builds directly on an existing ABS model.
The researchers tackled anomaly detection by enhancing an existing Artificial Bioindicators System (ABS) model with elements from Artificial Immune Systems (AIS) to create R-ABS, which showed improved performance, particularly in faster detection times, when tested on the DARPA'98 dataset and an additional custom dataset.
The detection of anomalies in unknown environments is a problem that has been approached from different perspectives with variable results. Artificial Immune Systems (AIS) present particularly advantageous characteristics for the detection of such anomalies. This research is based on an existing detector model, named Artificial Bioindicators System (ABS) which identifies and solves its main weaknesses. An ABS based anomaly classifier model is presented, incorporating elements of the AIS. In this way, a new model (R-ABS) is developed which includes the advantageous capabilities of an ABS plus the reactive capabilities of an AIS to overcome its weaknesses and disadvantages. The RABS model was tested using the well-known DARPA'98 dataset, plus a dataset built to carry out a greater number of experiments. The performance of the RABS model was compared to the performance of the ABS model based on classical sensitivity and specificity metrics, plus a response time metric to illustrate the rapid response of R-ABS relative to ABS. The results showed a better performance of R-ABS, especially in terms of detection time.