An artificial immunity-based proactive defense system

As so many novel network-based attacking behaviors have emerged in the Internet, it is increasingly difficult to protect the security of the network with traditional defense facilities, such as the Firewall and IDS. To solve this problem, a new multi-layers architecture of Artificial Immunity-Based Proactive Defense System (AIPDS) is put forward in this paper, which consists of detection layer, defense layer and user layer. According to the grown-up course of the B-Cells and T-cells in human lymphatic tissues, a B-Detector and T-Detector is designed to identify the unknown intrusions and the training algorithm of the Detector has also been given. Finally, a testing is done to prove that the AIPDS has an advantage over the traditional IDS.

[1]  Henry L. Owen,et al.  Using Honeynets to Protect Large Enterprise Networks , 2004, IEEE Secur. Priv..

[2]  N K Jerne,et al.  Towards a network theory of the immune system. , 1973, Annales d'immunologie.

[3]  John Hale,et al.  A systematic approach to multi-stage network attack analysis , 2004, Second IEEE International Information Assurance Workshop, 2004. Proceedings..

[4]  Matt Holdrege,et al.  IP Network Address Translator (NAT) Terminology and Considerations , 1999, RFC.

[5]  Dipankar Dasgupta,et al.  Immunity-Based Intrusion Detection System: A General Framework , 1999 .

[6]  Jerne Nk Towards a network theory of the immune system. , 1974 .

[7]  Yoshiki Uchikawa,et al.  A gait acquisition of a 6-legged robot using immune networks , 1994, Proceedings of IEEE/RSJ International Conference on Intelligent Robots and Systems (IROS'94).

[8]  Fabio A. González,et al.  A comparative analysis of artificial immune network models , 2005, GECCO '05.

[9]  L. Segel,et al.  Design Principles for the Immune System and Other Distributed Autonomous Systems , 2001 .

[10]  Peter J. Bentley,et al.  Towards an artificial immune system for network intrusion detection: an investigation of dynamic clonal selection , 2002, Proceedings of the 2002 Congress on Evolutionary Computation. CEC'02 (Cat. No.02TH8600).

[11]  Jonathan Timmis,et al.  Artificial Immune Systems: A New Computational Intelligence Approach , 2003 .

[12]  Todd L. Heberlein,et al.  Network intrusion detection , 1994, IEEE Network.