Immunity-Inspired Host-Based Intrusion Detection Systems

An artificial immune system (AIS) is applied to intrusion detection systems (IDS). An IDS inspired by the danger theory of the human immune system is proposed. The intelligence behind the IDS is based on the functionality of dendritic cells in the human immune system and on the danger theory. Antigens are profiles of system calls, while the corresponding behaviors are regarded as signals. The IDS is based on dual detection, with a DC agent for signals and a TC agent for antigens, where the agents coordinate with each other to calculate a danger value (DV). According to the DVs, an immune response to malicious behaviors is activated by either the computer host or the Security Operating Center.
