A hybrid artificial immune and mobile agent intrusion detection based model for computer network operations

Agent based models are the natural extension of the Ising or cellular automata-like models which have been used in the past decades to simulate various physical phenomena. By taking advantage of the main features of such models, coupled with nature-based models such as artificial immune systems, we present a novel artificial immune and agent based intrusion detection model for large computer networks. Our solution is based upon an event-based model with several security levels and a simple computational abstraction, in which an anomaly detection technique is designed to monitor the users' registrations to the targeted operational system, e.g., a UNIX-like implementation. In our model, event generation is handled by the Unix Syslog-ng tool and event analysis by the Logcheck tool, while the activities of the users and the execution of both reactive and proactive event activities are implemented within an artificial immune and mobile agent based infrastructure. We have implemented and designed our model to differentiate among attacks, security violations, and several other security levels. In this paper we present our model and show how the mobile agent and artificial immune paradigms can be used to design efficient intrusion detection systems. We also discuss the validation of our model, followed by a set of experiments we have carried out to evaluate its performance using realistic case studies.
