P2P-AIS: A P2P Artificial Immune Systems architecture for detecting DDoS flooding attacks

The Human Immune System (HIS) plays an important role in protecting the human body from intruders ranging from simple germs to the most sophisticated viruses. It acts as an Intrusion Detection and Prevention System (IDPS) for the body: it detects anomalies that make the body deviate from its normal behavior. This inspired researchers to build Artificial Immune Systems (AISes), which imitate the behavior of the HIS and are capable of protecting hosts or networks from attacks. An Artificial Immune System (AIS) can detect novel attacks because, during a tolerization (i.e., training) period, it learns to distinguish normal behavior (self) from abnormal behavior (non-self); detectors that match self are discarded, and whatever the remaining detectors match at run time is treated as non-self. This also means that detection quality depends on the tolerization traffic being representative and attack-free: behavior present during tolerization is learned as self. Although several AISes have been proposed, only a few use collaborative approaches. In this paper we propose P2P-AIS, a peer-to-peer approach for AISes in which peers exchange intrusion detection experience in order to enhance attack detection and mitigation. P2P-AIS uses Chord as its distributed hash table (DHT) protocol to organize the peers.
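The two mechanisms the abstract describes, a negative-selection detector trained on a tolerization period and a Chord ring that routes a peer's alerts to the peer responsible for the victim's key, in working form. This is an added illustrative example, not the P2P-AIS authors' code: the traffic features (SYN/s and distinct sources/s per one-second window), their scales, the self radius, the 32-bit identifier space, the peer names and the sample windows are all assumptions constructed for the example, and the ring omits Chord's finger tables and stabilization.

```python
# Added illustrative example, not the P2P-AIS authors' code.
# Part 1: negative selection (self/non-self) over per-second traffic features.
# Part 2: a minimal Chord-style ring that routes an alert about a victim
# address to the peer responsible for hash(victim_ip), so peers can pool
# detection experience and count how many of them corroborate an attack.
import hashlib
import math
import random
from dataclasses import dataclass

# Assumed feature scales: SYN/s and distinct source IPs/s at which we clip to 1.0.
SCALE = (10_000.0, 5_000.0)
SELF_RADIUS = 0.05   # assumed radius around each self sample that no detector may cover
M_BITS = 32          # assumed identifier width; real Chord uses 160-bit SHA-1 ids

def normalize(raw):
    """Map (syn_per_sec, distinct_sources_per_sec) into the unit square."""
    return tuple(min(v / s, 1.0) for v, s in zip(raw, SCALE))

def dist(a, b):
    return math.sqrt(sum((x - y) ** 2 for x, y in zip(a, b)))

# Constructed tolerization data: 40 one-second windows of the host's normal traffic
# (500..1300 SYN/s, 200..300 distinct sources/s). No attack traffic is present.
TOLERIZATION = [normalize((500 + 200 * (i % 5), 200 + 50 * (i % 3))) for i in range(40)]

@dataclass(frozen=True)
class Detector:
    center: tuple
    radius: float

def train_detectors(self_samples, n_detectors=200, seed=7):
    """Negative selection with variable-radius detectors: a random candidate is
    kept only if it lies farther than SELF_RADIUS from every self sample; its own
    radius then reaches up to (but not into) the nearest self sample's radius."""
    rng = random.Random(seed)
    detectors = []
    while len(detectors) < n_detectors:
        center = (rng.random(), rng.random())
        radius = min(dist(center, s) for s in self_samples) - SELF_RADIUS
        if radius > 0:           # candidate that matched self is discarded (censored)
            detectors.append(Detector(center, radius))
    return detectors

def is_non_self(sample, detectors):
    """A window is anomalous (non-self) if any surviving detector covers it."""
    return any(dist(sample, d.center) <= d.radius for d in detectors)

def chord_id(key: str) -> int:
    """Consistent hash onto the identifier circle [0, 2^M_BITS)."""
    return int(hashlib.sha1(key.encode()).hexdigest(), 16) % (1 << M_BITS)

class Ring:
    """Chord ring without finger tables: successor() walks the sorted id list."""
    def __init__(self, peer_names):
        self.name_of = {chord_id(n): n for n in peer_names}
        self.ids = sorted(self.name_of)
        self.alerts = {nid: [] for nid in self.ids}   # key owner -> [(reporter, sample)]

    def successor(self, key_id):
        """First peer id >= key_id, wrapping past 2^M_BITS to the smallest id."""
        for nid in self.ids:
            if nid >= key_id:
                return nid
        return self.ids[0]

    def report(self, reporter, victim_ip, sample):
        """Route an alert to the peer responsible for hash(victim_ip)."""
        owner = self.successor(chord_id(victim_ip))
        self.alerts[owner].append((reporter, sample))
        return self.name_of[owner]

    def corroborating_peers(self, victim_ip):
        """Number of distinct peers that have flagged traffic toward victim_ip."""
        owner = self.successor(chord_id(victim_ip))
        return len({reporter for reporter, _ in self.alerts[owner]})

def detect_and_share(ring, peer, victim_ip, raw_window, detectors):
    """Local detection first; only non-self windows are shared over the ring."""
    sample = normalize(raw_window)
    if not is_non_self(sample, detectors):
        return False
    ring.report(peer, victim_ip, sample)
    return True

if __name__ == "__main__":
    det = train_detectors(TOLERIZATION)
    ring = Ring(["peer-a", "peer-b", "peer-c"])
    # Constructed observations: one normal window, then flood windows seen by two peers.
    print(detect_and_share(ring, "peer-a", "192.0.2.10", (600, 225), det))     # False
    print(detect_and_share(ring, "peer-a", "192.0.2.10", (9000, 4000), det))   # True
    print(detect_and_share(ring, "peer-b", "192.0.2.10", (8500, 3900), det))   # True
    print(ring.corroborating_peers("192.0.2.10"))                               # 2
```

Two properties worth noticing. A window that lies within SELF_RADIUS of any tolerization sample can never be matched (each detector's radius stops short of the nearest self sample by exactly that margin, so the triangle inequality rules it out), which is why the normal window is not flagged; conversely, a window far from every self sample is covered by almost any detector placed on its side of the feature space, which is why the flood windows are. The corroboration count is what a peer would use to decide whether a local anomaly is confirmed by others before acting on it, for example by rate-limiting the victim prefix.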
