Immunizing Computer Networks: Getting All the Machines in Your Network to Fight the Hacker Disease

This paper introduces a method of distributed network intrusion detection which scales with the number of computers on a network and is tunable (the probability of detection can be traded off against overhead). Experiments with real network traffic show that the system has high detection rates for several common routes of intrusion, and low false-positive rates under normal behavior. The method can easily be extended to accommodate dynamically changing definitions of normal behavior (for example, adding a host to the network) and to remember known patterns of intrusion.
