Advertisement

Integrating Innate and Adaptive Immunity for Intrusion Detection

  • Gianni Tedesco
  • Jamie Twycross
  • Uwe Aickelin
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 4163)

Abstract

Network Intrusion Detection Systems (NIDS) monitor a network with the aim of discerning malicious from benign activity on that network. While a wide range of approaches have met varying levels of success, most IDS’s rely on having access to a database of known attack signatures which are written by security experts. Nowadays, in order to solve problems with false positive alerts, correlation algorithms are used to add additional structure to sequences of IDS alerts. However, such techniques are of no help in discovering novel attacks or variations of known attacks, something the human immune system (HIS) is capable of doing in its own specialised domain. This paper presents a novel immune algorithm for application to an intrusion detection problem. The goal is to discover packets containing novel variations of attacks covered by an existing signature base.

Keywords

Intrusion Detection Innate Immunity Dendritic Cells 

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. 1.
    Aickelin, U., Bentley, P.J., Cayzer, S., Kim, J., McLeod, J.: Danger theory: The link between AIS and IDS? In: Timmis, J., Bentley, P.J., Hart, E. (eds.) ICARIS 2003. LNCS, vol. 2787, pp. 147–155. Springer, Heidelberg (2003)CrossRefGoogle Scholar
  2. 2.
    Germain, R.N.: An innately interesting decade of research in immunology. Nature Medicine 10(4), 1307–1320 (2004)CrossRefGoogle Scholar
  3. 3.
    Janeway Jr., C.A.: Approaching the Asymptote? Evolution and Revolution in Immunology. Cold Spring Harb Symp. Quant. Biol. 54 (Pt 1), 1–13 (1989)Google Scholar
  4. 4.
    Greensmith, J., Aickelin, U., Cayzer, S.: Introducing dendritic cells as a novel immune-inspired algorithm for anomaly detection. In: Jacob, C., Pilat, M.L., Bentley, P.J., Timmis, J.I. (eds.) ICARIS 2005. LNCS, vol. 3627, pp. 153–167. Springer, Heidelberg (2005)CrossRefGoogle Scholar
  5. 5.
    Matzinger, P.: Tolerance, danger and the extended family. Annual Reviews in Immunology 12, 991–1045 (1994)CrossRefGoogle Scholar
  6. 6.
    Ning, P., Xu, D.: Hypothesizing and Reasoning about Attacks Missed by Intrusion Detection Systems. ACM Transactions on Information and System Security 7(4), 591–627 (2004)CrossRefGoogle Scholar
  7. 7.
    Ning, P., Xu, D., Healey, C.G., Amant, R.S.: Building Attack Scenarios through Integration of Complementary Alert Methods. In: Proceedings of the 11th Annual Network and Distributed System Security Symposium (2004)Google Scholar
  8. 8.
    Wang, L., Liu, A., Jajoda, S.: An Efficient Unified Approach to Correlating Hypothesising, and Predicting Intrusion Alerts. In: di Vimercati, S.d.C., Syverson, P.F., Gollmann, D. (eds.) ESORICS 2005. LNCS, vol. 3679. Springer, Heidelberg (2005)CrossRefGoogle Scholar
  9. 9.
    Twycross, J., Aickelin, U.: Towards a conceptual framework for innate immunity. In: Jacob, C., Pilat, M.L., Bentley, P.J., Timmis, J.I. (eds.) ICARIS 2005. LNCS, vol. 3627, pp. 112–125. Springer, Heidelberg (2005)CrossRefGoogle Scholar
  10. 10.
    Twycross, J., Aickelin, U.: libtissue - implementing innate immunity. In: Proceedings of the Congress on Evolution Computation (2006)Google Scholar
  11. 11.
    Washington University FTP Server, http://www.wu-ftpd.org/
  12. 12.
    Mathias, K., Whitley, D.: Transforming the Search Space with Gray Coding. In: IEEE Conf. on Evolutionary Computation, vol. 1, pp. 513–518 (1994)Google Scholar
  13. 13.
    Balthrop, J., Esponda, F., Forrest, S., Glickman, M.: Coverage and Generalization in an Artificial Immune System. In: Genetic and Evolutionary Computation Conference (GECCO) (2002)Google Scholar
  14. 14.
    Tedesco, G.: Firestorm Network Intrusion Detection System, http://www.scara-manga.co.uk/firestorm/
  15. 15.
    Roesch, M.: Snort Network Intrusion Detection System, http://www.snort.org/
  16. 16.
    Berkeley Labs Internet Traffic Archive Data Set: LBNL-FTP-PKT, http://www-nrg.ee.lbl.gov/LBNL-FTP-PKT.html
  17. 17.
    Yegneswaran, V., Giffin, J.T., Barford, P., Jha, S.: An Architecture for Generating Semantics-Aware Signatures. In: Proceedings of USENIX Security Conference (2005)Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2006

Authors and Affiliations

  • Gianni Tedesco
    • 1
  • Jamie Twycross
    • 1
  • Uwe Aickelin
    • 1
  1. 1.School of Computer Science & IT (ASAP)University of Nottingham

Personalised recommendations