A Hybrid Model for Immune Inspired Network Intrusion Detection

This paper introduces a hybrid model for network intrusion detection that combines artificial immune system methods with conventional information security methods. The Network Threat Recognition with Immune Inspired Anomaly Detection, or NetTRIIAD, model incorporates misuse-based intrusion detection and network monitoring applications into an innate immune capability inspired by the immunological Danger Model. Experimentation on a prototype NetTRIIAD implementation demonstrates improved detection accuracy in comparison with misuse-based intrusion detection. Areas for future investigation and improvement to the model are also discussed.
