Kolmogorov complexity estimates for detection of viruses in biologically inspired security systems: A comparison with traditional approaches

This article presents results in two mutually complementary areas: distributed immunological information assurance and a new signature-matching technique based on Kolmogorov Complexity. It introduces a distributed model for security based on the biological paradigms of epidemiology and immunology. In this model, each node in the network has an immune system that identifies and destroys pathogens in incoming network traffic as well as in files resident on the node. The network nodes present a collective defense against pathogens by working symbiotically and sharing pathogen information with each other. Each node compiles a list of pathogens that are perceived as threats, using information provided by all the nodes in the network. The signatures for these pathogens are incorporated into the detector population of the immune systems to increase the probability of detection. Critical to the success of this system is the detection scheme, which should be not only accurate but also efficient. Three separate schemes for detecting pathogens are examined, namely contiguous string matching, Hamming distance, and Kolmogorov Complexity. This work provides a model of the system and examines the efficiency of the different detection schemes. A simulation model is built to study the sensitivity of pathogen detection to model parameters such as signature length, sampling rate, and network topology.
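The three detection schemes named in the abstract can be compared side by side on a known signature. The following is an added example, not code from the article: it assumes zlib's compressed length as a computable stand-in for Kolmogorov Complexity (the abstract does not say which estimator the authors use), and all function names and sample byte strings are constructed for illustration.

```python
import hashlib
import zlib

def longest_contiguous_match(a: bytes, b: bytes) -> int:
    """Contiguous string matching: longest run of aligned, equal bytes."""
    best = run = 0
    for x, y in zip(a, b):
        run = run + 1 if x == y else 0
        best = max(best, run)
    return best

def hamming_distance(a: bytes, b: bytes) -> int:
    """Number of aligned positions at which two equal-length strings differ."""
    if len(a) != len(b):
        raise ValueError("Hamming distance needs equal-length inputs")
    return sum(x != y for x, y in zip(a, b))

def complexity(data: bytes) -> int:
    """Assumed estimator: compressed length is an upper bound on K(data)."""
    return len(zlib.compress(data, 9))

def conditional_complexity(sample: bytes, signature: bytes) -> int:
    """Estimate K(sample | signature): extra bytes needed once the signature is known."""
    return complexity(signature + sample) - complexity(signature)

def _constructed_bytes(seed: bytes) -> bytes:
    """64 deterministic, incompressible-looking bytes (constructed test data)."""
    return hashlib.sha256(seed + b"0").digest() + hashlib.sha256(seed + b"1").digest()

# Constructed samples: a signature, two variants of it, and unrelated content.
SIGNATURE = _constructed_bytes(b"signature")
_m = bytearray(SIGNATURE)
for _i in (10, 30, 50):          # three point mutations
    _m[_i] ^= 0xFF
MUTATED = bytes(_m)
SHIFTED = b"\x00" + SIGNATURE[:-1]   # one inserted byte breaks the alignment
UNRELATED = _constructed_bytes(b"unrelated")

def compare(sample: bytes) -> dict:
    """Score one sample against SIGNATURE under all three schemes."""
    return {
        "contiguous": longest_contiguous_match(SIGNATURE, sample),
        "hamming": hamming_distance(SIGNATURE, sample),
        "cond_complexity": conditional_complexity(sample, SIGNATURE),
    }

if __name__ == "__main__":
    for name, s in (("mutated", MUTATED), ("shifted", SHIFTED), ("unrelated", UNRELATED)):
        print(name, compare(s))
```

The shifted variant defeats both position-aligned schemes, while the compression-based estimate still scores it as close to the signature and far from the unrelated sample.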
