ABSTRACT
A major difficulty for anomaly detection lies in discovering boundaries between normal and anomalous behavior, due to the deficiency of abnormal samples in the training phase. In this paper, a novel coevolutionary algorithm which attempts to simulate territory establishment in ecology is conceived to tackle anomaly detection problems. Two species in normal and abnormal behavior pattern space coevolve competitively and cooperatively. Competition prevents individuals in one species from invading the other's territory; cooperation aims to achieve complete pattern coverage by adjusting the evolutionary environment according to the pressure coming from neighbors. In a sense, we extend the definition of cooperative coevolution from "coupled fitness" to "interaction of the evolutionary environment". This coevolutionary algorithm, enhanced with features like niching inside of species, global and local fitness, and fuzzy sets, tries to balance overfitting and overgeneralization. This provides an accurate boundary definition. Experimental results on transactional data from a real financial institution show that this coevolutionary algorithm is more effective than the evolutionary algorithm in evolving normal or abnormal behavior patterns only.
- E. S. Adams. Territory size and shape in fire ants: a model based on neighborhood interactions. Ecology, 79(4):1125--1134, June 1998.]]Google ScholarCross Ref
- S. Balachandran, D. Dasgupta, F. Nino, and D. Garrett. A general framework for evolving multi-shaped detectors in negative selection. In IEEE Symposium Series on Computational Intelligence, Honolulu, Hawaii, April 2007.]]Google Scholar
- P. Collet, E. Lutton, and F. Raynal. Polar IFS + parisian genetic programming = e.cient IFS inverse problem solving. Genetic Programming and Evolvable Machines, 1:339--361, 2000.]] Google ScholarDigital Library
- D. Dasgupta and F. Gonzalez. An immunity-based technique to characterize intrusions in computer networks. IEEE Transactions on Evolutionary Computation, 6(3):281--291, June 2002.]] Google ScholarDigital Library
- E. Dunn, G. Olague, and E. Lutton. Automated photogrammetric network design using the parisian approach. In Applications on Evolutionary Computing, pages 356--365. Springer Berlin / Heidelberg, 2005.]] Google ScholarDigital Library
- S. Forrest, B. Javornik, R. E. Smith, and A. S. Perelson. Using genetic algorithms to explore pattern recognition in the immune system. Evolutionary Computation, 1(3):191--211, 1993.]]Google ScholarDigital Library
- S. Forrest, B. Javornik, R. E. Smith, and A. S. Perelson. Using genetic algorithms to explore pattern recognition in the immune system. Evolutionary Computation, 1(3):191--211, 1993.]]Google ScholarDigital Library
- S. Forrest, B. Javornik, R. E. Smith, and A. S. Perelson. Using genetic algorithms to explore pattern recognition in the immune system. Evolutionary Computation, 1(3):191--211, 1993.]]Google ScholarDigital Library
- F. Gonzalez, J. Gomez, M. Kaniganti, and D. Dasgupta. An evolutionary approach to generate fuzzy anomaly signatures. In Proceedings of the Fourth Annual IEEE Information Assurance Workshop, pages 251--259. West point, NY, 2003.]]Google ScholarCross Ref
- F. A. Gonzalez and D. Dasgupta. Anomaly detection using real-valued negative selection. Genetic Programming and Evolvable Machines, 4(4):383--403, December 2003.]] Google ScholarDigital Library
- X. Hang and H. Dai. Applying both positive and negative selection to supervised learning for anomaly detection. In Genetic and Evolutionary Computation Conference (GECOO '05), 2005.]] Google ScholarDigital Library
- S. A. Hofmeyr. An immunological model of distributed detection and its application to computer security. PhD thesis, The University of New Mexico, 1999.]] Google ScholarDigital Library
- Z. Ji. A boundary-aware negative selection algorithm. In Proceedings of the 9th IASTED International Conference on Artificial Intelligence and Soft Computing (ASC 2005), Benidorm, Spain, 2005.]]Google Scholar
- Z. Ji and D. Dasgupta. Real-valued negative selection using variable-sized detectors. In Genetic and Evolutionary Computation Conference (GECCO '04), Seattle, Washington, 26-30 June 2004.]]Google Scholar
- Z. Ji and D. Dasgupta. Real-valued negative selection using variable-sized detectors. In Genetic and Evolutionary Computation Conference (GECCO '04), Seattle, Washington, 26-30 June 2004.]]Google Scholar
- J. Kim and P. J. Bentley. Evaluating negative selection in an artificial immune system for network intrusion detection. In Genetic and Evolutionary Computation Conference (GECCO '01), 2001.]]Google Scholar
- J. R. Krebs and N. B. Davies. An Introduction to Behavioural Ecology. Sinauer Associates Inc., 1981.]]Google Scholar
- M. Ostaszewski, F. Seredynski, and P. Bouvry. Immune anomaly detection enhanced with evolutionary paradigms. In Genetic And Evolutionary Computation Conference (GECCO '06), pages 119 -- 126, Seattle, WA., US, 8-12 July 2006.]] Google ScholarDigital Library
- M. Ostaszewski, F. Seredynski, and P. Bouvry. Coevolutionary-based mechanisms for network anomaly detection. Journal of Mathematical Modelling and Algorithms, 6:411--431, 2007.]]Google ScholarCross Ref
- S. T. Powers and J. He. Evolving discrete-valued anomaly detectors for a network intrusion detection system using negative selection. In The 6th Annual Workshop on Computational Intelligence (UKCI '06), pages 41--48, 2006.]]Google Scholar
- J. M. Shapiro, G. B. Lamont, and G. L. Peterson. An evolutionary algorithm to generate hyper-ellipsoid detectors for negative selection. In Genetic and evolutionary computation Conference (GECCO '05), pages 337--344, Washington DC, USA, 2005.]] Google ScholarDigital Library
- M. Toneguzzi. Theft, fraud cost retailers $8 million a day. Ottawa Citizen, March 2 2007. Newspaper.]]Google Scholar
Index Terms
- Combatting financial fraud: a coevolutionary anomaly detection approach
Recommendations
Ecological theory provides insights about evolutionary computation
GECCO '18: Proceedings of the Genetic and Evolutionary Computation Conference CompanionPromoting diversity in an evolving population is important for Evolutionary Computation (EC) because it reduces premature convergence on suboptimal fitness peaks while still encouraging both exploration and exploitation [3]. However, some types of ...
Parisian camera placement for vision metrology
Special issue: Evolutionary computer vision and image understandingThis paper presents a novel camera network design methodology based on the Parisian evolutionary computation approach. This methodology proposes to partition the original problem into a set of homogeneous elements, whose individual contribution to the ...
A mixed strategy multi-objective coevolutionary algorithm based on single-point mutation and particle swarm optimization
RSKT'12: Proceedings of the 7th international conference on Rough Sets and Knowledge TechnologyThe particle swarm optimization algorithm has been used for solving multi-objective optimization problems in last decade. This algorithm has a capacity of fast convergence; however its exploratory capability needs to be enriched. An alternative method ...
Comments