TAT-NIDS: An Immune-Based Anomaly Detection Architecture for Network Intrusion Detection

One emergent, widely used metaphor and rich source of inspiration for computer security has been the vertebrate Immune System (IS). This is mainly due to its intrinsic nature of having to constantly protect the body against harm inflicted by external (non-self) entities. The bridge between the metaphor and the reality of new practical systems for anomaly detection is cemented by recent biological advances and by newly proposed theories on the dynamics of immune cells from the field of theoretical immunology. In this paper we present work-in-progress research on the deployment of an immune-inspired architecture, based on Grossman’s Tunable Activation Threshold (TAT) hypothesis, for temporal anomaly detection, that is, detection in settings where there is a strict temporal ordering on the data, such as network intrusion detection. We start by briefly describing the overall architecture. Then, we present some preliminary results obtained in a production network. Finally, we conclude by presenting the main lines of research we intend to pursue in the near future.
