Abstract
Network Intrusion Detection Systems (NIDS) monitor a network with the aim of discerning malicious from benign activity on that network. While a wide range of approaches have met varying levels of success, most IDS’s rely on having access to a database of known attack signatures which are written by security experts. Nowadays, in order to solve problems with false positive alerts, correlation algorithms are used to add additional structure to sequences of IDS alerts. However, such techniques are of no help in discovering novel attacks or variations of known attacks, something the human immune system (HIS) is capable of doing in its own specialised domain. This paper presents a novel immune algorithm for application to an intrusion detection problem. The goal is to discover packets containing novel variations of attacks covered by an existing signature base.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Preview
Unable to display preview. Download preview PDF.
References
Aickelin, U., Bentley, P.J., Cayzer, S., Kim, J., McLeod, J.: Danger theory: The link between AIS and IDS? In: Timmis, J., Bentley, P.J., Hart, E. (eds.) ICARIS 2003. LNCS, vol. 2787, pp. 147–155. Springer, Heidelberg (2003)
Germain, R.N.: An innately interesting decade of research in immunology. Nature Medicine 10(4), 1307–1320 (2004)
Janeway Jr., C.A.: Approaching the Asymptote? Evolution and Revolution in Immunology. Cold Spring Harb Symp. Quant. Biol. 54 (Pt 1), 1–13 (1989)
Greensmith, J., Aickelin, U., Cayzer, S.: Introducing dendritic cells as a novel immune-inspired algorithm for anomaly detection. In: Jacob, C., Pilat, M.L., Bentley, P.J., Timmis, J.I. (eds.) ICARIS 2005. LNCS, vol. 3627, pp. 153–167. Springer, Heidelberg (2005)
Matzinger, P.: Tolerance, danger and the extended family. Annual Reviews in Immunology 12, 991–1045 (1994)
Ning, P., Xu, D.: Hypothesizing and Reasoning about Attacks Missed by Intrusion Detection Systems. ACM Transactions on Information and System Security 7(4), 591–627 (2004)
Ning, P., Xu, D., Healey, C.G., Amant, R.S.: Building Attack Scenarios through Integration of Complementary Alert Methods. In: Proceedings of the 11th Annual Network and Distributed System Security Symposium (2004)
Wang, L., Liu, A., Jajoda, S.: An Efficient Unified Approach to Correlating Hypothesising, and Predicting Intrusion Alerts. In: di Vimercati, S.d.C., Syverson, P.F., Gollmann, D. (eds.) ESORICS 2005. LNCS, vol. 3679. Springer, Heidelberg (2005)
Twycross, J., Aickelin, U.: Towards a conceptual framework for innate immunity. In: Jacob, C., Pilat, M.L., Bentley, P.J., Timmis, J.I. (eds.) ICARIS 2005. LNCS, vol. 3627, pp. 112–125. Springer, Heidelberg (2005)
Twycross, J., Aickelin, U.: libtissue - implementing innate immunity. In: Proceedings of the Congress on Evolution Computation (2006)
Washington University FTP Server, http://www.wu-ftpd.org/
Mathias, K., Whitley, D.: Transforming the Search Space with Gray Coding. In: IEEE Conf. on Evolutionary Computation, vol. 1, pp. 513–518 (1994)
Balthrop, J., Esponda, F., Forrest, S., Glickman, M.: Coverage and Generalization in an Artificial Immune System. In: Genetic and Evolutionary Computation Conference (GECCO) (2002)
Tedesco, G.: Firestorm Network Intrusion Detection System, http://www.scara-manga.co.uk/firestorm/
Roesch, M.: Snort Network Intrusion Detection System, http://www.snort.org/
Berkeley Labs Internet Traffic Archive Data Set: LBNL-FTP-PKT, http://www-nrg.ee.lbl.gov/LBNL-FTP-PKT.html
Yegneswaran, V., Giffin, J.T., Barford, P., Jha, S.: An Architecture for Generating Semantics-Aware Signatures. In: Proceedings of USENIX Security Conference (2005)
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2006 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Tedesco, G., Twycross, J., Aickelin, U. (2006). Integrating Innate and Adaptive Immunity for Intrusion Detection. In: Bersini, H., Carneiro, J. (eds) Artificial Immune Systems. ICARIS 2006. Lecture Notes in Computer Science, vol 4163. Springer, Berlin, Heidelberg. https://doi.org/10.1007/11823940_15
Download citation
DOI: https://doi.org/10.1007/11823940_15
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-37749-8
Online ISBN: 978-3-540-37751-1
eBook Packages: Computer ScienceComputer Science (R0)