2007
The central challenge with computer security is determining the difference between normal and potentially harmful activity. A promising solution is emerging in the form of Artificial Immune Systems (AIS). These include the theories regarding how the immune system responds to pathogenic material. This paper takes a relatively new theory, the Danger theory and Dendritic cells, and explores its relevance to the application domain of security, evaluating on the KDD'99 data.
One of the central challenges with computer security is determining the difference between normal and potentially harmful behavior. For decades, developers have protected their systems using classical methods. However, the growth and complexity of computer systems or networks to protect require the development of automated and adaptive defensive tools. Promising solutions are emerging with biologically inspired computing, and in particular, the immunological approach. In this paper, we propose two artificial immune systems for intrusion detection using the KDD Cup'99 database. The first one is based on the danger theory using the dendritic cells algorithm and the second is based on negative selection. The obtained results are promising.
As one of the solutions to intrusion detection problems, Artificial Immune Systems (AIS) have shown their advantages. Unlike genetic algorithms, there is no one archetypal AIS, instead there are four major paradigms. Among them, the Dendritic Cell Algorithm (DCA) has produced promising results in various applications. The aim of this chapter is to demonstrate the potential for the DCA as a suitable candidate for intrusion detection problems. We review some of the commonly used AIS paradigms for intrusion detection problems and demonstrate the advantages of one particular algorithm, the DCA. In order to clearly describe the algorithm, the background to its development and a formal definition are given. In addition, improvements to the original DCA are presented and their implications are discussed, including previous work done on an online analysis component with segmentation and ongoing work on automated data preprocessing. Based on preliminary results, both improvements appear to be promising for online anomaly-based intrusion detection.
2007
The use of artificial immune systems in intrusion detection is an appealing concept for two reasons. Firstly, the human immune system provides the human body with a high level of protection from invading pathogens, in a robust, self-organised and distributed manner. Secondly, current techniques used in computer security are not able to cope with the dynamic and increasingly complex nature of computer systems and their security. It is hoped that biologically inspired approaches in this area, including the use of immune-based systems will be able to meet this challenge. Here we review the algorithms used, the development of the systems and the outcome of their implementation. We provide an introduction and analysis of the key developments within this field, in addition to making suggestions for future research.
Natural computing, 2007
Information Security Technical Report, 2007
The immune system provides an ideal metaphor for anomaly detection in general and computer security in particular. Based on this idea, artificial immune systems have been used for a number of years for intrusion detection, unfortunately so far with little success. However, these previous systems were largely based on immunological theory from the 1970s and 1980s and over the last decade our understanding of immunological processes has vastly improved. In this paper we present two new immune inspired algorithms based on the latest immunological discoveries, such as the behaviour of Dendritic Cells. The resultant algorithms are applied to real world intrusion problems and show encouraging results. Overall, we believe there is a bright future for these next generation artificial immune algorithms.
Computer security can be viewed as a process of discrimination between authorized actions, legitimate users, etc, and intrusions such as viruses, trojans, etc. The immune system of the human body has been performing such an action for a much longer time and it is very likely that it has developed a set of techniques and mechanisms that are, in comparison, a great deal better than the ones used in the current computer security systems. And it certainly has, as in the opposite case, the human race would be extinguished by now. The immune system of the human body is a collection of mechanisms and techniques that offer an overall defense for the organism in a both distributed and localized manner. These are specific and non specific mechanisms. The specific ones offer a level of defense against one single type of threat, whereas the non specific ones have a more wide range. This is much like the defense mechanism in the information security world such as specific ones, through virus sig...
Arxiv preprint arXiv:1002.0696, 2010
Parallel Computing, 2004
Recent years have seen a growing interest in computational methods based upon natural phenomena with biologically inspired techniques, such as cellular automata, immune human systems, neural networks, DNA and molecular computing. Some of these techniques are classified under the realm of a general paradigm, called bio-computing. In this paper, we propose a security system for fraud detection of intruders and improper use of both computer system and mobile telecommunication operations. Our technique is based upon data analysis inspired by the natural immune human system. We show how immune metaphors can be used efficiently to tackle this challenging problem. We also describe how our scheme extracts salient features of the immune human system and maps them within a software package designed to identify security violations of a computer system and unusual activities according to the usage log files. Our results indicate that our system shows a significant size reduction of the logs file (i.e., registration of each log activity), and thereby the size of the report maintained by the computer system manager. This might help the system manager to monitor and observe unusual activities on the machine hosts more efficiently, as they happen, and can... (A. Boukerche, K.R.L. Jucá, J.B. Sobral, M.S.M.A. Notare.) Parallel Computing 30 (2004) 629-646
Int. J. Netw. Secur., 2017
In view of the recent advances of communication and information technology along with the growing need for online networking, computer security has become a challenge to almost all the studies that have been carried out in this research axis. So far, various tools and mechanisms have been developed in order to guarantee a safety level up to the requirements of modern life. Among these, intrusion detection and prevention systems (IDPS) tend to locate activities or abnormal behaviors suspect to be detrimental to the correct operation of the system. In this respect, this work targets the design and the realization of an IDPS inspired from natural immune systems. The immune systems have aroused the interest of researchers in the intrusion detection field, taking into account the similarities of NIS (Natural Immune System) and IDPS objectives. Within the Framework of this work, we conceived an IDPS inspired from natural immune system and implemented by using a directed approach. A platfo...
2012
Abstract: This paper describes the difference between the human immune system and network intrusion detection systems. The paper begins by briefly introducing existing intrusion detection systems (IDS’s). An overview of the human immune system is presented and its salient features that can contribute to the design of competent network-based IDS’s are analyzed. The analysis shows that the actions of the human immune system satisfy all the identified design goals. Consequently, the paper concludes that the design of a novel network-based IDS based on the human immune system is promising for future network-based IDS’s.
… . CEC2004. Congress on, 2004
This paper proposes an intrusion detection framework and presents a prototype for an intrusion detection system based on it. This framework takes architectural inspiration from the human immune system and brings desirable features to intrusion detection systems, such as automated intrusion recovery, attack signature extraction, and potential to improve behavior-based detection. These features are enabled through intrusion evidence detection. The prototype, called ADENOIDS, is designed to deal with application attacks, extracting signature for remote buffer overflow attacks. The framework and ADENOIDS are described and experimental results are presented.
2002
This paper describes the research towards the use of an artificial immune system (AIS) for network intrusion detection. Specifically, we focus on one significant component of a complete AIS, static clonal selection with a negative selection operator, describing this system in detail. Three different data sets from the UCI repository for machine learning are used in the experiments. Two important factors, the detector sample size and the antigen sample size, are investigated in order to generate an appropriate mixture of general and specific detectors for learning non-self antigen patterns. The results of series of experiments suggest how to choose appropriate detector and antigen sample sizes. These ideal sizes allow the AIS to achieve a good non-self antigen detection rate with a very low rate of self antigen detection. We conclude that the embedded negative selection operator plays an important role in the AIS by helping it to maintain a low false positive detection rate.
International journal of advanced research in computer science and software engineering, 2018
Networks are working at their apical efficiency and are increasing in size by every second; emergence of various threats becomes hindrance in the growth and privacy of the users. The network is vulnerable to security breaches, due to malicious nodes. Intrusion detection systems aim at removing this vulnerability. In this paper, intrusion detection mechanisms for large-scale dynamic networks are investigated. Artificial immune system is a concept that works to protect a network the way immune systems of vertebrates work in nature. This paper also illustrates this artificial immune system, the integration of bio-inspired algorithms, and its functionality with the computer networks.
With the growing development of network technology, computer networks have become increasingly wide and open. This evolution gave birth to new techniques allowing accessibility of networks and information systems with the aim of facilitating transactions. Consequently, these techniques also gave birth to new forms of threats. In this article, we present the utility of using an intrusion detection system through a presentation of its characteristics. Using the biological immune system as inspiration, we propose a model of an artificial immune system which is integrated in the behavior of distributed agents on the network in order to ensure good detection of intrusions. We also present the internal structure of the immune agents and their capacity to distinguish between self and non-self. The agents are able to perform simultaneous processing, are able to adapt automatically to the evolution of the environment, and also have the property of distributed coordination.
Indonesian Journal of Electrical Engineering and Computer Science, 2016
In view of new communication and information technologies that appeared with the emergence of networks and Internet, the computer security became a major challenge, and works in this research axis are increasingly numerous. Various tools and mechanisms are developed in order to guarantee a safety level up to the requirements of modern life. Among them, intrusion detection and prevention systems (IDPS) intended to locate activities or abnormal behaviors suspect to be detrimental to the correct operation of the system. The purpose of this work is the design and the realization of an IDPS inspired from natural immune systems. The study of biological systems to get inspired from them for the resolution of computer science problems is an axis of the artificial intelligence field which gave rise to robust and effective methods by their natural function, the immune systems aroused the interest of researchers in the intrusion detection field, taking into account the similarities of natural immune system (NIS) and IDPS objectives. Within the framework of this work, we conceived an IDPS inspired from natural immune system and implemented by using a directed approach. A platform was developed and tests were carried out in order to assess our system performances.
7th European congress on intelligent techniques and …, 1999
It is believed that many of the mechanisms present in the biological immune system are well suited for adoption to the field of computer intrusion detection, in the form of artificial immune systems. In this report mechanisms in the biological immune system are introduced, their parallels in artificial immune systems are presented, and how they may be applied to intrusion detection in a computer environment is discussed. An artificial immune system is designed, implemented and applied to detect intrusive behavior in real network data in a simulated network environment. The effect of costimulation and clonal proliferation combined with somatic hypermutation to perform affinity maturation of detectors in the artificial immune system is explored through experiments. An exact expression for the probability of a match between two randomly chosen strings using the r-contiguous matching rule is developed. The use of affinity maturation makes it possible to perform anomaly detection by using smaller sets of detectors with a high level of specificity while maintaining a high level of cover and diversity, which increases the number of true positives, while keeping a low level of false negatives.
Journal of information security and applications, 2017
For the last two decades, artificial immune systems have been studied in various fields of knowledge. They were shown to be particularly effective tools at detecting anomalous behavior in the security domain of computer systems. This article introduces the principles of artificial immune systems and surveys several works applying such systems to computer security problems. The works herein discussed are summarized and open issues are pointed out afterwards, elaborating on a novel applicability of these systems to cloud computing environments.
IEEE Access, 2020
This paper explores the immunological model and implements it in the domain of intrusion detection on computer networks. The main objective of the paper is to monitor, log the network traffic and apply detection algorithms for detecting intrusions within the network. The proposed model mimics the natural Immune System (IS) by considering both of its layers, innate immune system and adaptive immune system respectively. The current work proposes Statistical Modeling based Anomaly Detection (SMAD) as the first layer of Intrusion Detection System (IDS). It works as the Innate Immune System (IIS) interface and captures the initial traffic of a network to find out the first-hand vulnerability. The second layer, Adaptive Immune-based Anomaly Detection (AIAD) has been considered for determining the features of the suspicious network packets for detection of anomaly. It imitates the adaptive immune system by taking into consideration the activation of the T-cells and the B-cells. It captures relevant features from header and payload portions for effective detection of intrusion. Experiments have been conducted on both the real-time network traffic and the standard datasets KDD99 and UNSW-NB15 for intrusion detection. The SMAD model yields as high as 96.04% true positive rate and around 97% true positive rate using real-time traffic and standard data sets. Highly suspicious traffic detected in the SMAD model is further tested for vulnerability in the AIAD model. Results show significant true positive rate, closer to almost 99% of accurately detecting the file-based and user-based anomalies for both the real-time traffic and standard data sets.
Intrusion Detection System (IDS) helps us to identify the abnormalities and attacks that can affect the confidentiality, integrity, and availability of the system or network. IDS has a close connection with the processes and mechanisms of Human Immune Systems (HIS), which help to identify pathogens that can cause harmful diseases in human beings. So it is obvious that mechanisms inspired by HIS can also be used in IDS, whose primary function is to detect malicious packets. Artificial immune systems (AIS) thus come into effect, mimicking the processes used by HIS to detect and avoid harmful pathogens. This paper gives a modest insight into intrusion detection techniques that are based on AIS. The works discussed here mainly concentrate on distributed agent based systems. The commonly used algorithms in AIS based IDS are collated and the limitations of existing work as well as future directions in this aspect are discussed.