
An Introduction to Artificial Immune Systems

An Introduction to Artificial Immune Systems. ES2001 Cambridge. December 2001. Dr. Jonathan Timmis Computing Laboratory University of Kent at Canterbury CT2 7NF. UK. J.Timmis@ukc.ac.uk http:/www.cs.ukc.ac.uk/people/staff/jt6. Overview of Tutorial. What are we going to do?: First Half:


Presentation Transcript


  1. An Introduction to Artificial Immune Systems ES2001 Cambridge. December 2001. Dr. Jonathan Timmis Computing Laboratory University of Kent at Canterbury CT2 7NF. UK. J.Timmis@ukc.ac.uk http:/www.cs.ukc.ac.uk/people/staff/jt6

  2. Overview of Tutorial • What are we going to do?: • First Half: • Describe what is an AIS • Why bother with the immune system? • Be familiar with relevant immunology • Second Half: • Appreciation of where AIS are used • Be familiar with the building blocks of AIS • Resources

  3. Immune metaphors [Diagram with the labels: Immune System, Other areas, Idea!, Artificial Immune Systems]

  4. Why the Immune System? • Recognition • Anomaly detection • Noise tolerance • Robustness • Feature extraction • Diversity • Reinforcement learning • Memory • Distributed • Multi-layered • Adaptive

  5. Artificial Immune Systems • AIS are computational systems inspired by theoretical immunology and observed immune functions, principles and models, which are applied to complex problem domains (de Castro & Timmis, 2001)

  6. Some History • Developed from the field of theoretical immunology in the mid 1980’s. • Suggested we ‘might look’ at the IS • 1990 – Bersini first use of immune algos to solve problems • Forrest et al – Computer Security mid 1990’s • Hunt et al, mid 1990’s – Machine learning

  7. Scope of AIS • Fault and anomaly detection • Data Mining (machine learning, Pattern recognition) • Agent based systems • Scheduling • Autonomous control • Optimisation • Robotics • Security of information systems

  8. Part I – Basic Immunology

  9. Role of the Immune System • Protect our bodies from infection • Primary immune response • Launch a response to invading pathogens • Secondary immune response • Remember past encounters • Faster response the second time around

  10. How does it work?

  11. Where is it?

  12. Multiple layers of the immune system

  13. Immune Pattern Recognition • The immune recognition is based on the complementarity between the binding region of the receptor and a portion of the antigen called epitope. • Antibodies present a single type of receptor, antigens might present several epitopes. • This means that different antibodies can recognize a single antigen

  14. Antibodies Antibody Molecule Antibody Production

  15. Clonal Selection

  16. Main Properties of Clonal Selection (Burnet, 1978) • Elimination of self antigens • Proliferation and differentiation on contact of mature lymphocytes with antigen • Restriction of one pattern to one differentiated cell and retention of that pattern by clonal descendants; • Generation of new random genetic changes, subsequently expressed as diverse antibody patterns by a form of accelerated somatic mutation

  17. T-cells • Regulation of other cells • Active in the immune response • Helper T-cells • Killer T-cells

  18. Reinforcement Learning and Immune Memory • Repeated exposure to an antigen throughout a lifetime • Primary, secondary immune responses • Remembers encounters • No need to start from scratch • Memory cells • Associative memory

  19. Learning (2)

  20. Immune Network Theory • Idiotypic network (Jerne, 1974) • B cells co-stimulate each other • Treat each other a bit like antigens • Creates an immunological memory

  21. Immune Network Theory(2)

  22. Shape Space Formalism • Repertoire of the immune system is complete (Perelson, 1989) • Extensive regions of complementarity • Some threshold of recognition [Figure: shape-space diagram]

  23. Self/Non-Self Recognition • Immune system needs to be able to differentiate between self and non-self cells • Antigenic encounters may result in cell death, therefore • Some kind of positive selection • Some element of negative selection

  24. Summary so far …. • Immune system has some remarkable properties • Pattern recognition • Learning • Memory • So, is it useful?

  25. Some questions for you !

  26. Part II – Artificial Immune Systems

  27. This Section • General Framework for describing and constructing AIS • A short review of where AIS are used today • Can not cover them all, far too many • I am not an expert in all areas (earn more money if I was) • Where are AIS headed?

  28. What do we want from a Framework? • In a computational world we work with representations and processes. Therefore, we need: • To be able to describe immune system components • Be able to describe their interactions • Quite high level abstractions • Capture general purpose processes that can be applied to various areas

  29. AIS Framework • De Castro & Timmis, 2002 • Immune Representations • Immune Algorithms • Guidelines for developing AIS

  30. Representation – Shape Space • Describe the general shape of a molecule • Describe interactions between molecules • Degree of binding between molecules • Complement threshold

  31. Representation • Vectors: $Ab = (Ab_1, Ab_2, \ldots, Ab_L)$, $Ag = (Ag_1, Ag_2, \ldots, Ag_L)$ • Real-valued shape-space • Integer shape-space • Hamming shape-space • Symbolic shape-space

  32. Define their Interaction • Define the term Affinity • Affinity is related to distance • Euclidean • Other distance measures such as Hamming, Manhattan etc. • Affinity Threshold

  33. Basic Immune Models and Algorithms • Bone Marrow Models • Negative Selection Algorithms • Clonal Selection Algorithm • Somatic Hypermutation • Immune Network Models

  34. Bone Marrow Models • Gene libraries are used to create antibodies from the bone marrow • Antibody production through a random concatenation from gene libraries • Simple or complex libraries

  35. Negative Selection Algorithms • Forrest 1994: Idea taken from the negative selection of T-cells in the thymus • Applied initially to computer security • Split into two parts: • Censoring • Monitoring

  36. Negative Selection Algorithm • Each copy of the algorithm is unique, so that each protected location is provided with a unique set of detectors • Detection is probabilistic, as a consequence of using different sets of detectors to protect each entity • A robust system should detect any foreign activity rather than looking for specific known patterns of intrusion. • No prior knowledge of anomaly (non-self) is required • The size of the detector set does not necessarily increase with the number of strings being protected • The detection probability increases exponentially with the number of independent detection algorithms • There is an exponential cost to generate detectors with relation to the number of strings being protected (self). • Solution to the above in D’haeseleer et al. (1996)
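The censoring and monitoring phases from slides 35 and 36, as an added example that is not part of the original tutorial. It assumes a 12-bit Hamming shape-space and a matching rule of "Hamming distance within an affinity threshold" (taken from the shape-space slides, not necessarily the rule used in the cited work); the `SELF` strings, sizes and function names are constructed for illustration.

```python
import random

L = 12       # bits per string in the Hamming shape-space (assumed size)
RADIUS = 2   # affinity threshold: a detector binds strings within this distance (assumed)

# Constructed sample of "self": 12-bit encodings of normal observations.
SELF = [0xA5A, 0xA5B, 0x5A5, 0x0F0, 0x0F1, 0xF0F, 0x3C3, 0xC3C]

def hamming(a, b):
    return bin(a ^ b).count("1")

def binds(detector, s, radius=RADIUS):
    return hamming(detector, s) <= radius

def censor(self_set, n, seed, max_tries=100_000):
    """Censoring: draw random candidates and discard any that bind to self."""
    rng, detectors = random.Random(seed), []
    for _ in range(max_tries):
        cand = rng.getrandbits(L)
        if not any(binds(cand, s) for s in self_set):
            detectors.append(cand)
            if len(detectors) == n:
                return detectors
    raise RuntimeError("could not generate enough detectors; self set too dense")

def monitor(detectors, observed):
    """Monitoring: return the observed strings that activate some detector."""
    return [s for s in observed if any(binds(d, s) for d in detectors)]

def missed_by_all(sites, observed):
    """Strings that no site's detector set flags (the remaining holes)."""
    return [s for s in observed if not any(monitor(d, [s]) for d in sites)]

if __name__ == "__main__":
    # Each protected location gets its own detector set (a different seed).
    sites = [censor(SELF, 40, seed) for seed in range(4)]
    nonself = [s for s in range(1 << L) if s not in SELF]
    print("false alarms on self:", monitor(sites[0], SELF))
    for k in range(1, len(sites) + 1):
        missed = len(missed_by_all(sites[:k], nonself))
        print(f"{k} site(s): {1 - missed / len(nonself):.1%} of non-self flagged")
```

Because censoring only ever sees self, no signature of the anomaly is needed, and the strings missed by every site can only shrink as independent detector sets are added.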

  37. Clonal Selection Algorithm • de Castro & von Zuben, 2001

      Randomly initialise a population (P)
      For each pattern in Ag
          Determine affinity to each P’
          Select n highest affinity from P
          Clone and mutate prop. to affinity with Ag
          Add new mutants to P
      endFor
      Select highest affinity P to form part of M
      Replace n number of random new ones
      Until stopping criteria

  38. Immune Network Models • Timmis & Neal, 2000 • Used immune network theory as a basis, proposed the AINE algorithm

      Initialize AIN
      For each antigen
          Present antigen to each ARB in the AIN
          Calculate ARB stimulation level
          Allocate B cells to ARBs, based on stimulation level
          Remove weakest ARBs (ones that do not hold any B cells)
      If termination condition met
          exit
      else
          Clone and mutate remaining ARBs
          Integrate new ARBs into AIN

  39. Immune Network Models • De Castro & Von Zuben (2000c) • aiNET, based on similar principles

      At each iteration step do
          For each antigen do
              Determine affinity to all network cells
              Select n highest affinity network cells
              Clone these n selected cells
              Increase the affinity of the cells to antigen by reducing the distance between them (greedy search)
              Calculate improved affinity of these n cells
              Re-select a number of improved cells and place into matrix M
              Remove cells from M whose affinity is below a set threshold
              Calculate cell-cell affinity within the network
              Remove cells from network whose affinity is below a certain threshold
              Concatenate original network and M to form new network
          Determine whole network inter-cell affinities and remove all those below the set threshold
          Replace r% of worst individuals by novel randomly generated ones
          Test stopping criterion

  40. Somatic Hypermutation • Mutation rate in proportion to affinity • Very controlled mutation in the natural immune system • Trade-off between the normalized antibody affinity D* and its mutation rate ,
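A runnable sketch of the clonal selection loop from slide 37 with the affinity-dependent mutation of slide 40, added here as an example and not taken from the tutorial or the cited papers. It assumes a 12-bit Hamming shape-space, a fixed number of clones per selected cell, fewer bit flips for higher affinity, and random trimming of the population; all names and parameter values are constructed.

```python
import random

L = 12  # bits per pattern in the Hamming shape-space (assumed size)

def affinity(ab, ag):
    """Affinity = number of matching bits (L minus the Hamming distance)."""
    return L - bin(ab ^ ag).count("1")

def mutate(ab, ag, rng):
    """Hypermutation: the lower the affinity, the more bits are flipped (assumed rule)."""
    flips = max(1, (L - affinity(ab, ag)) // 2)
    for pos in rng.sample(range(L), flips):
        ab ^= 1 << pos
    return ab

def clonalg(antigens, pop_size=20, n_select=5, clones=4, n_replace=4,
            generations=30, seed=0):
    rng = random.Random(seed)
    pop = [rng.getrandbits(L) for _ in range(pop_size)]
    # Memory set M: best antibody found so far for each antigen.
    memory = {ag: max(pop, key=lambda ab: affinity(ab, ag)) for ag in antigens}
    history = []
    for _ in range(generations):
        for ag in antigens:
            ranked = sorted(pop, key=lambda ab: affinity(ab, ag), reverse=True)
            mutants = [mutate(ab, ag, rng)
                       for ab in ranked[:n_select] for _ in range(clones)]
            pop.extend(mutants)
            best = max(pop, key=lambda ab: affinity(ab, ag))
            if affinity(best, ag) > affinity(memory[ag], ag):
                memory[ag] = best
        # Bound the population, then replace some cells with random newcomers.
        rng.shuffle(pop)
        pop = pop[:pop_size - n_replace]
        pop += [rng.getrandbits(L) for _ in range(n_replace)]
        history.append(sum(affinity(memory[ag], ag) for ag in antigens))
    return memory, history

if __name__ == "__main__":
    antigens = [0xABC, 0x123, 0xF0F]  # constructed sample patterns
    memory, history = clonalg(antigens)
    for ag, ab in memory.items():
        print(f"antigen {ag:012b} memory {ab:012b} affinity {affinity(ab, ag)}/{L}")
    print("total memory affinity per generation:", history)
```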

  41. Part III - Applications

  42. Anomaly Detection • The normal behavior of a system is often characterized by a series of observations over time. • The problem of detecting novelties, or anomalies, can be viewed as finding deviations of a characteristic property in the system. • For computer scientists, the identification of computational viruses and network intrusions is considered one of the most important anomaly detection tasks

  43. Virus Detection • Protect the computer from unwanted viruses • Initial work by Kephart 1994 • More of a computer immune system

  44. Virus Detection (2) • Okamoto & Ishida (1999a,b) proposed a distributed approach • Detected viruses by matching self-information • first few bytes of the head of a file • the file size and path, etc. • against the current host files. • Viruses were neutralized by overwriting the self-information on the infected files • Recovering was attained by copying the same file from other uninfected hosts through the computer network

  45. Virus Detection (3)

      Immune System | Computational System
      Pathogens (antigens) | Computer viruses
      B-, T-cells and antibodies | Detectors
      Proteins | Strings
      Antibody/antigen binding | Pattern matching

      • Other key works include: • A distributed self adaptive architecture for a computer virus immune system (Lamont, 200) • Use a set of co-operating agents to detect non-self patterns

  46. Security • Somayaji et al. (1997) outlined mappings between IS and computer systems • A security system needs • Confidentiality • Integrity • Availability • Accountability • Correctness

  47. IS to Security Systems

      Immune System | Network Environment

      Static Data
      Self | Uncorrupted data
      Non-self | Any change to self

      Active Processes on Single Host
      Cell | Active process in a computer
      Multicellular organism | Computer running multiple processes
      Population of organisms | Set of networked computers
      Skin and innate immunity | Security mechanisms, like passwords, groups, file permissions, etc.
      Adaptive immunity | Lymphocyte process able to query other processes to seek for abnormal behaviors
      Autoimmune response | False alarm
      Self | Normal behavior
      Non-self | Abnormal behavior

      Network of Mutually Trusting Computers
      Organ in an animal | Each computer in a network environment

  48. Network Security • Hofmeyr & Forrest (1999, 2000): developing an artificial immune system that is distributed, robust, dynamic, diverse and adaptive, with applications to computer network security. • Kim & Bentley (2001). Hybrid approach of clonal selection and negative selection.

  49. Forrest's Model [Figure: AIS for computer network security. (a) Architecture. (b) Life cycle of a detector.]

  50. Novelty Detection • Image Segmentation : McCoy & Devarajan (1997) • Detecting road contours in aerial images • Used a negative selection algorithm
