An Approach for Adaptive Intrusion Prevention Based on The Danger

Current approaches to intrusion detection are generally based on observing only one source of information, such as network traffic, system calls, or resource usage. However, we would reach a more precise conclusion about an intrusion incident if we used all of the available information. We present an approach to an intrusion prevention system (IPS) that is inspired by the danger theory of immunology and tries to solve this problem by analyzing more sources of information. In this paper we show how to link the entities that participate in the interactions described by this theory with components of the operating system in order to synthesize an IPS. We also introduce a technique inspired by the clonal selection mechanism of the human immune system, which links the anomalous behavior of system processes with received network traffic and can generate new signatures of network intrusions on the fly.
