In this post I’m going to have a go at describing to you some of the basics of my research. The project I’m currently involved in and the focus of my own research for the past decade is in the development of techniques which we call “Artificial Immune Systems”. These are a set of computer methods, algorithms, which solve a type of computational problem and the way in which the algorithm works is “copied” from a natural system which solves the same type of problem. In my case, I’m studying the cells of the human immune system which detect and eliminate infections to try and build their computer counterpart to combat computer infections.
Nature has provided engineers with interesting and effective solutions to many problems. The shape of bird wings is similar to that of an aerofoil on a plane, even though plane wings don’t flap! The way in which natural evolution works in terms of “survival of the fittest”, producing animals best suited to their environment, has been copied into something called a “genetic algorithm” which has been used to provide optimal solutions to a massive range of problems, including optimising car designs. This process is nicely explored in the book by Peter J. Bentley. And of course, in the quest for scientists to recreate the thinking capabilities and consciousness displayed by the human brain, techniques termed Neural Networks have been pioneered, which are a type of Machine Learning inspired by a model of how we think that the neurones in our brain work. These are used to detect patterns in data, and people have used them to try and predict the stock market and even to predict the weather. Artificial Immune Systems are a related field to evolutionary and neural computing, but are based on the natural computation achieved by the human immune system.
I’m by no means the first person to use this technique, and we have a community of scientists worldwide who work on developing and applying these artificial immune systems to a wide range of problems. The term was coined in the mid-1990s by the pioneer of our field, Professor Stephanie Forrest, who created a technique termed ‘Negative Selection’. In this work, Forrest and her team looked at the way in which the human body ‘trains’ its immune system to recognise proteins which come from pathogens and to be tolerant to proteins which belong to the body. This rather clever biological mechanism was transformed into a computer program, which could tell if the network services on a computer network were “normal” or “anomalous”. This technique worked well in principle and on networks with small amounts of traffic, but started to struggle on larger networks. And, unfortunately, like when your house alarm triggers but there is no robbery in progress, these systems often coughed up alerts saying that the network was under attack when there had simply been a change in the network, or a user’s behaviour had changed through installing a new program, or the user had gone on vacation.
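The negative selection idea and its false-alarm problem, as an added example that is not code from this post or from Forrest's team. The 8-bit event encoding, the r-contiguous match length and the sample traffic are assumptions made up for illustration, and candidate detectors are enumerated exhaustively rather than generated at random so the result is reproducible.

```python
from itertools import product

R = 4  # r-contiguous match length (assumed value)

def encode(zone, service, hour_bucket, inbound):
    """Constructed 8-bit encoding of one connection event."""
    return f"{zone:02b}{service:03b}{hour_bucket:02b}{inbound:01b}"

def matches(a, b, r=R):
    """r-contiguous rule: a and b agree on at least r adjacent positions."""
    run = 0
    for x, y in zip(a, b):
        run = run + 1 if x == y else 0
        if run >= r:
            return True
    return False

def train_detectors(self_set, length=8):
    """Censoring step: keep only candidates that match no 'self' string."""
    candidates = ("".join(bits) for bits in product("01", repeat=length))
    return [c for c in candidates if not any(matches(c, s) for s in self_set)]

def is_anomalous(event, detectors):
    """Monitoring step: any surviving detector firing means 'non-self'."""
    return any(matches(d, event) for d in detectors)

# Constructed "normal" traffic observed during training (self).
SELF = [
    encode(0, 1, 1, 0),  # workstation, web, office hours, outbound
    encode(0, 2, 1, 0),  # workstation, mail, office hours, outbound
    encode(1, 1, 1, 1),  # server, web, office hours, inbound
    encode(0, 1, 2, 0),  # workstation, web, afternoon, outbound
]
DETECTORS = train_detectors(SELF)

EXTERNAL_PROBE = encode(3, 6, 0, 1)  # unseen zone and service, at night, inbound
NEW_PROGRAM = encode(0, 5, 3, 0)     # known workstation using a newly installed app

if __name__ == "__main__":
    for name, event in [("probe", EXTERNAL_PROBE), ("new program", NEW_PROGRAM)]:
        print(name, event, "anomalous" if is_anomalous(event, DETECTORS) else "normal")
```

The detector set cannot tell the harmless newly installed program from the external probe: both are simply "not self", which is the house-alarm behaviour described above.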
When I started working on AIS in 2003, new ideas brought in from contemporary immunology were gaining traction. In particular, an idea called the “Danger Theory” was in vogue. This contrasted with the negative selection work by stating that an immune system (either artificial or human) only mounts a full response if it also experiences damage in addition to finding foreign entities. Danger signals are released as a result of damage, acting as a secondary mechanism to make sure that a full response is necessary. This theory was put to work in artificial immune systems within a project called the “Danger Project”, for which I was the computer science PhD student (you can find the old project description here).
As a result of the Danger Project work, we were able to create a computer algorithm which performs fast detection of anomalies by monitoring the ‘health’ of a network and performing context-aware intrusion detection. This algorithm was the focus of my PhD and is called the “Dendritic Cell Algorithm”. This system is based on a model of a particular type of cell called a Dendritic Cell, which is the cell responsible for processing danger signals. We applied this algorithm to port scan detection, insider attack detection, botnet infection detection and many more security applications. Others have applied it to more standard machine learning datasets and related fault tolerance applications.
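A simplified sketch of the danger-signal idea, added here as an illustration and not the Dendritic Cell Algorithm implementation from the Danger Project. The signal weights, migration thresholds, process names and the sample stream are all assumptions: each cell collects the processes ("antigens") it sees, accumulates danger and safe signals, and labels what it collected by the context it was observed in.

```python
from collections import defaultdict

class Cell:
    def __init__(self, threshold):
        self.threshold = threshold  # signal exposure needed to migrate (assumed)
        self.reset()

    def reset(self):
        self.csm = 0        # total signal exposure since the last reset
        self.k = 0          # context: positive when danger outweighs safe
        self.antigens = []  # processes sampled since the last reset

def run_dca(stream, thresholds=(3, 5)):
    """stream: (antigen, danger, safe) tuples. Returns {antigen: anomaly score}."""
    cells = [Cell(t) for t in thresholds]
    mature, total = defaultdict(int), defaultdict(int)

    def present(cell):
        # A migrating cell votes on every antigen it carries, then starts over.
        for antigen in cell.antigens:
            total[antigen] += 1
            mature[antigen] += int(cell.k > 0)
        cell.reset()

    for step, (antigen, danger, safe) in enumerate(stream):
        cells[step % len(cells)].antigens.append(antigen)  # one cell samples it
        for cell in cells:                                 # all cells see signals
            cell.csm += danger + safe
            cell.k += danger - 2 * safe                    # assumed weighting
            if cell.csm >= cell.threshold:
                present(cell)
    for cell in cells:  # flush cells still holding antigen at end of stream
        present(cell)
    return {a: mature[a] / total[a] for a in total}

# Constructed stream: a newly installed program runs while the host is healthy,
# then a scanner runs while danger signals (e.g. a burst of failed connections)
# are present; the new program happens to run once during that period.
STREAM = [("new_app", 0, 2)] * 4 + [
    ("scanner", 3, 0), ("new_app", 3, 0), ("scanner", 3, 0), ("scanner", 3, 0)]
SCORES = run_dca(STREAM)

if __name__ == "__main__":
    print(SCORES)
```

Both processes are new to the host, but only the one that consistently coincides with danger signals ends up with a high score; the new program's single appearance during the danger period raises its score only slightly.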
Artificial immune systems are difficult to define as they are not based on a single mechanism, like that found in evolutionary algorithms. The human immune system is vast, and from the perspective of some immunologists, involves the input from every cell in the body. As a result, there is a wide variety of different immune algorithms, inspired by different cells, which solve different problems. This is great because it means that they are fantastic to study as there is so much variety. The downside of this is that they are hard to characterise or to simply explain as there is no single “immune algorithm” which can be neatly packaged or presented. As the field celebrates 20 years of existence, I wonder what is next for these algorithms. I hope the work I’m doing currently will contribute to the future of this fascinating line of study.