Publications

Publications by Manuel Eduardo Correia

2011

Tunable immune detectors for behaviour-based network intrusion detection

Authors
Antunes, M; Correia, ME;

Publication
Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)

Abstract
Computer networks are highly dynamic environments in which the meaning of normal and anomalous behaviours can drift considerably throughout time. Behaviour-based Network Intrusion Detection Systems (NIDS) thus have to cope with the temporal normality drift intrinsic to computer networks, by adaptively tuning their level of response, in order to be able to distinguish harmful from harmless network traffic flows. In this paper we put forward the intrinsic ability of the Tunable Activation Threshold (TAT) theory to adaptively tolerate normal drifting network traffic flows. This is embodied in the TAT-NIDS, a TAT-based Artificial Immune System (AIS) we have developed for network intrusion detection. We describe the generic AIS framework we have developed to assemble TAT-NIDS and present the results obtained thus far on processing real network traffic data sets. We also compare the performance obtained by TAT-NIDS with the well-known and widely deployed signature-based Snort network intrusion detection system. © 2011 Springer-Verlag.

2011

A Hybrid AIS-SVM Ensemble Approach for Text Classification

Authors
Antunes, M; Silva, C; Ribeiro, B; Correia, M;

Publication
ADAPTIVE AND NATURAL COMPUTING ALGORITHMS, PT II

Abstract
In this paper we propose and analyse methods for expanding state-of-the-art performance on text classification. We put forward an ensemble-based structure that includes Support Vector Machines (SVM) and Artificial Immune Systems (AIS). The underpinning idea is that SVM-like approaches can be enhanced with AIS approaches which can capture dynamics in models. While having radically different genesis, and probably because of that, SVM and AIS can cooperate in a committee setting, using a heterogeneous ensemble to improve overall performance, including a confidence on each system classification as the differentiating factor. Results on the well-known Reuters-21578 benchmark are presented, showing promising classification performance gains, resulting in a classification that improves upon all baseline contributors of the ensemble committee.

2009

TAT-NIDS: An Immune-Based Anomaly Detection Architecture for Network Intrusion Detection

Authors
Antunes, M; Correia, M;

Publication
2ND INTERNATIONAL WORKSHOP ON PRACTICAL APPLICATIONS OF COMPUTATIONAL BIOLOGY AND BIOINFORMATICS (IWPACBB 2008)

Abstract
One emergent, widely used metaphor and rich source of inspiration for computer security has been the vertebrate Immune System (IS). This is mainly due to its intrinsic nature of having to constantly protect the body against harm inflicted by external (non-self) harmful entities. The bridge between metaphor and the reality of new practical systems for anomaly detection is cemented by recent biological advancements and new proposed theories on the dynamics of immune cells by the field of theoretical immunology. In this paper we present work-in-progress research on the deployment of an immune-inspired architecture, based on Grossman's Tunable Activation Threshold (TAT) hypothesis, for temporal anomaly detection, where there is a strict temporal ordering on the data, such as network intrusion detection. We start by briefly describing the overall architecture. Then, we present some preliminary results obtained in a production network. Finally, we conclude by presenting the main lines of research we intend to pursue in the near future.

2009

TOWARDS AN IMMUNE-INSPIRED TEMPORAL ANOMALY DETECTION ALGORITHM BASED ON TUNABLE ACTIVATION THRESHOLDS

Authors
Antunes, M; Correia, M; Carneiro, J;

Publication
BIOSIGNALS 2009: PROCEEDINGS OF THE INTERNATIONAL CONFERENCE ON BIO-INSPIRED SYSTEMS AND SIGNAL PROCESSING

Abstract
The detection of anomalies in computer environments, like network intrusion detection, computer virus or spam classification, is usually based on some form of pattern search on a database of "signatures" for known anomalies. Although very successful and widely deployed, these approaches are only able to cope with anomalous events that have already been seen. To cope with these weaknesses, "behaviour"-based systems have been deployed. Although conceptually more appealing, they still have an impractically high rate of false alarms. The vertebrate Immune System is an emergent and appealing metaphor for new ideas on anomaly detection, with some algorithms and theories already adopted in particular fields, such as network intrusion detection. In this paper we present a temporal anomaly detection architecture based on Grossman's Tunable Activation Threshold (TAT) hypothesis. The basic idea is that the repertoire of immune cells is constantly tuned according to the cells' temporal interactions with the environment and yet retains responsiveness to an open-ended set of abnormal events. We describe some preliminary work on the development of an anomaly detection algorithm derived from TAT and present the results obtained thus far using some synthetic data-sets.

2000

IAP for dummies: The YAP design

Authors
Eduardo Correia, M; Santos Costa, V;

Publication
Electronic Notes in Theoretical Computer Science

Abstract
One of the advantages of logic programming is the fact that it offers several sources of implicit parallelism. One particularly interesting form of And-Parallelism is Independent And-Parallelism (IAP). Most work on the implementation of IAP is based on Hermenegildo's RAP-WAM. Unfortunately there are some drawbacks associated with the classical approaches based on the use of parcalls and markers. One first observation is that the introduction of parcall frames significantly slows down sequential execution. Moreover, it may result in fine-grained parallel work. We found these problems to be particularly significant in the context of the implementation of combined AND/OR systems. In this paper we take a fresh look at this issue. Our goal is to start from a standard sequential Prolog implementation and try to discover the minimal number of changes that would be required for an efficient implementation of IAP. The key ideas in our design are (i) to always take advantage of the analogy between or-parallelism and IAP; (ii) to avoid creating new structures by adapting preexisting WAM data-structures wherever possible; and (iii) to avoid major changes to the compiler. The authors would like to acknowledge and thank the contribution and support from Fernando Silva. The work has also benefitted from discussions with Luis Fernando Castro, Ines de Castro Dutra, Kish Shen, Gopal Gupta, and Enrico Pontelli. Our work has been partly supported by Fundação da Ciencia e Tecnologia and JNICT under the projects Melodia (JNICT/PBIC/C/TIT/2495/95) and Dolphin (PRAXIS/2/2.l/TIT/1577/95). © 2000 Published by Elsevier B.V.

1996

Performance of Sparse Binding Arrays for Or-Parallelism

Authors
Costa, VS; Correia, ME; Silva, F;

Publication
Anais do VIII International Symposium on Computer Architecture and High Performance Computing (SBAC-PAD 1996)

Abstract
One important problem in the design of novel logic programming systems is the support of several forms of implicit parallelism. A new binding model, the Sparse Binding Array (SBA), has been proposed for the efficient and simplified integration of Independent-And, Determinate-And and Or-parallelism. In this paper we report on the use of this model for pure Or-parallelism. The work discusses the major implementation issues in supporting this binding model for pure Or-parallelism. We show that an implementation based on this binding model is more efficient than the original Aurora using the traditional Binding Array model [16]. Moreover, we explain how the notion of a variable level can be used to reduce overheads of the Or-parallel system. Our results in supporting pure Or-parallelism show that the approach is very promising for combined parallel systems.
