Distributed Network Intrusion Detection Systems: An Artificial Immune System Approach

Intrusion detection is the identification of unauthorized use, misuse, and abuse of computer system infrastructures by both system insiders and external intruders. Detecting intrusions in a distributed network, from outside a network segment as well as from inside it, is a difficult problem. A network-based intrusion detection system (NIDS) must analyze a large volume of data while not placing a significant added load on the monitoring systems and networks. This paper presents a framework for a distributed network intrusion detection system (dNIDS) based on the artificial immune system concept. In this framework, an adaptive immune mechanism using unsupervised machine learning methods is proposed to classify network traffic into either normal ("self") or suspicious ("non-self") profiles. Experimentally, our approach distributes the NIDS among all connected network segments, allowing the NIDS in each segment to identify potential threats individually and enabling the sharing of identified threat vectors between the communicating distributed NIDSs. An analysis of the technique for distributing this information about threat vectors is presented.
