Abstract
In this paper, we discuss the design and engineering of a biologically-inspired, host-based intrusion detection system to protect computer networks. To this end, we have implemented an Artificial Immune System (AIS) that mimics the behavior of the biological adaptive immune system. The proposed AIS consists of a number of running artificial white blood cells, which search for, recognize, store and deny anomalous requests on individual hosts. The model monitors the system by analysing a set of parameters to provide general information on its state: ill or not. When some parameters are found to have anomalous values, the artificial immune system takes appropriate action. To prove the effectiveness of the suggested model, an exhaustive test of the AIS is conducted, using a server running Apache, MySQL and OpenSSH, and the results are reported. Four types of attacks were tested: remote buffer overflow, Distributed Denial of Service (DDoS), port scanning, and dictionary attack. The test proved that our definition of self/non-self system components is quite effective in protecting host-based systems.
Copyright information
© 2008 International Federation for Information Processing
About this paper
Cite this paper
Visconti, A., Fusi, N., Tahayori, H. (2008). Intrusion Detection via Artificial Immune System: a Performance-based Approach. In: Hinchey, M., Pagnoni, A., Rammig, F.J., Schmeck, H. (eds) Biologically-Inspired Collaborative Computing. BICC 2008. IFIP – The International Federation for Information Processing, vol 268. Springer, Boston, MA. https://doi.org/10.1007/978-0-387-09655-1_12
DOI: https://doi.org/10.1007/978-0-387-09655-1_12
Publisher Name: Springer, Boston, MA
Print ISBN: 978-0-387-09654-4
Online ISBN: 978-0-387-09655-1
eBook Packages: Computer Science, Computer Science (R0)