Artificial Immunity-based Intrusion Detection System

1
Artificial Immunity-based Intrusion Detection
System

• Associate Prof. Fang Xian-jin

Computer School of AUST
2
Background

• With the development of computer and network
  technology, information security is becoming very
  significant.
• Solution Data encryption, Authentication,
  Authorization and Access control, Digital
  Signature, Firewall, Intrusion Detection System,
  VPN, Anti-virus technology.

3
Background

• Firewall is the first line of security defense,
  but it cant prevent attack from intranet.
• IDS can provide real time detection and implement
  defense strategy, its main purpose is to deal
  with inner attack.

4
Intrusion Detection System

• What is the IDS?
• Input can be OS log, network data packet,
  application system log, firewall log, etc.

normal
Input
Intrusion Detection
Anomalous
5
Intrusion Detection System

• General study methodology in IDS
• Misuse detection
• It is a rule-based detection technology, namely,
  p-best. The related technology is pattern
  matching algorithm.
• Anomaly detection
• it is a activity-based detection technology.
  Firstly ,normal activity profile is created, and
  then comparing the deviation amplitude between
  input activity and normal activity profile.
• the following methods are used to study IDS
• Statistic method 1
• Data mining method 2
• Artificial Immunity System3
• Artificial neural network45
• Fuzzy expert system6
• P-best (product-based expert system tool-kit)
• All kinds of classification and clustering methods

6
Natural immune system computer security

• Important properties of natural immune systems
• Multilayered protection
• Highly distributed detector
• Effector
• Memory system
• Diversity of detection ability across individuals
• Inexact matching strategies
• Sensitivity to most new foreign patterns

7
To be continued!
8
References

• 1. Stephanie Forrest, Steven A. Hofmeyr, Anil
  Somayaji. A Sense of Self for Unix Processes.
• 2. Wenke Lee and Salvatore J. Stolfo, data
  mining approaches for intrusion detection, in
  proceeding of the 7th USENIX Security Symposium,
  1998.
• 3. Steven Andrew Hofmeyr, An Immunological
  Model of Distributed Detection and Its
  Application to Computer Security D, Department
  of computer science, University of new Mexico,
  Albuquerque, NM,1999.
• 4. Anup K Ghosh, James Wanken, Frank Charron.
  Detecting anomalous and unknown intrusion against
  programsC. In proceeding of the 1998 Annual
  Computer Security Applications Conference(ACSAC98
  ),1998.
• 5. ??, ??, ???. ?????????????J, ????????,
  2002.18(146).
• 6. ???, ???. ????????J. ????????, p49, Vol
  22, No 2, 2000.
• 7. Herve DEBAR, Monique Becker, Didier Siboni.
  A. Neural Network Component for an intrusion
  detection System. IEEE Symposium on Security and
  Privacy. Oakland, California IEEE Computer
  Society 1992256-266
• 8. C.R. Gent, C.P. Sheppard. Predicting time
  series by a fully corrected neural network
  trained by back propagation J. Computing and
  control Engineering Journal,199212(5)123127.
• 9. Anup K Ghosh, Aaron Schwartzbard, Michel
  Schatz, et al. Learning Program behavior profile
  for intrusion detection and network monitoring,
  Santa Clara, CA IEEE Computer society,1999912.
• 10. Cannady. Artificial Neural network for
  misuse detection C. In proceeding of the 1998
  National information system security
  conference(NISSC98), Arlington, VA,
  1998443-456.