A Scaled, Immunological Approach to Anomaly Countermeasures

We discuss the combination of two anomaly detection models, the Linux kernel module pH and cfengine, in order to create a multi-scaled approach to computer anomaly detection with automated response. By examining the time-average data from pH, we find the two systems to be conceptually complementary and to have compatible data models. Based on these findings, we build a simple prototype system and comment on how the same model could be extended to include other anomaly detection mechanisms.
