A computer security system is typically tasked with identifying an intrusion, which is defined as a set of actions that attempt to compromise "the integrity, confidentiality, or availability of any resources provided by a computing system" [1]. An attack on a computer system plays out in a series of sequential events, the granularity of which can vary drastically depending on the type of exploit. An intrusion detection system is tasked with monitoring a system or systems in order to look for these events as indicators of potential malicious behavior. Computer intrusion detection can be provided via signatures which describe the actions associated with an attack. In a world with constantly evolving threats combined with unique new attack vectors, maintaining signatures for every individual piece of malware becomes unwieldy. This is especially true in the mobile realm, where the additional processing power and battery capacity needed to handle high numbers of signatures adversely impact the user experience and overall platform speed. As mobile devices become increasingly computer-like, complete with similar vulnerabilities and ever-increasing connectivity, their attractiveness to attackers has increased.

Efficiently detecting threats across devices on a mobile network

This paper introduces the Mobile Network Defense (MND), a lightweight intrusion detection system. MND is biologically modeled on the behavior of a population of ants, giving it many advantages over traditional security measures. Each ant in the virtual colony has the ability to detect one specific metric of the current state of a computer. In combination, the results of these simple tests can point to specific attacks, while the dynamic nature of the MND offers performance benefits over the traditional static setup.
This paper will demonstrate how the biologically modeled MND offers a 34% improvement in detection time over other agent-based systems, and provides a more efficient intrusion detection platform than a static model with respect to CPU utilization, making the system attractive for use across many types of mobile devices.
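The abstract describes two ideas that a short simulation makes concrete: each ant tests exactly one host metric, and an attack is recognised only when several single-metric alarms coincide. The following Python model is an added illustration written for this page; it is not the MND implementation and the paper gives no code. The hosts, metrics, thresholds, attack patterns and the pheromone-driven movement rule (ants patrol a ring of hosts but are pulled toward a host where other ants have already raised alarms, with the scent evaporating each round) are constructed assumptions borrowed from the general ant-colony literature the paper cites, not details taken from the paper.

```python
"""Toy model of ant-style distributed intrusion detection.

Added illustration, not the paper's MND code. All names (Host, Ant,
THRESHOLDS, ATTACK_PATTERNS, run_colony, classify) and the movement and
pheromone rules are assumptions made for this example.
"""
from dataclasses import dataclass, field

# One threshold per metric; each ant knows how to test exactly one. (constructed)
THRESHOLDS = {"cpu_load": 0.90, "open_sockets": 200, "failed_logins": 20}

# Attacks are recognised as combinations of single-metric alarms. (constructed)
ATTACK_PATTERNS = {
    "flood": {"cpu_load", "open_sockets"},
    "brute_force": {"failed_logins"},
}

EVAPORATION = 0.5   # fraction of pheromone that survives each round
JUMP_LEVEL = 1.0    # scent strength needed to pull an ant off its patrol route


@dataclass
class Host:
    name: str
    metrics: dict                 # metric name -> current observed value
    pheromone: float = 0.0        # accumulated evidence left by alarming ants
    alarms: set = field(default_factory=set)
    visits: int = 0


@dataclass
class Ant:
    metric: str     # the single metric this ant can test
    position: int   # index into the host list

    def inspect(self, host: Host) -> bool:
        """Test this ant's one metric on `host`; deposit scent on an alarm."""
        host.visits += 1
        if host.metrics[self.metric] > THRESHOLDS[self.metric]:
            host.alarms.add(self.metric)
            host.pheromone += 1.0
            return True
        return False

    def move(self, hosts):
        """Step along the ring unless another host carries a stronger scent."""
        current = hosts[self.position]
        others = [i for i in range(len(hosts)) if i != self.position]
        # strongest scent wins; ties go to the lowest index
        best = max(others, key=lambda i: (hosts[i].pheromone, -i))
        if (hosts[best].pheromone > current.pheromone
                and hosts[best].pheromone > JUMP_LEVEL):
            self.position = best
        else:
            self.position = (self.position + 1) % len(hosts)


def run_colony(hosts, ants, rounds):
    """Run the colony and return each host's set of raised single-metric alarms."""
    for _ in range(rounds):
        for ant in ants:
            ant.inspect(hosts[ant.position])
        for ant in ants:
            ant.move(hosts)
        for host in hosts:
            host.pheromone *= EVAPORATION
    return {h.name: set(h.alarms) for h in hosts}


def classify(alarms):
    """Name every attack pattern fully covered by the alarms on one host."""
    return sorted(n for n, pattern in ATTACK_PATTERNS.items() if pattern <= alarms)


def demo():
    # Constructed sample network: one flooded host, one clean host, one
    # host under password guessing.
    hosts = [
        Host("web", {"cpu_load": 0.97, "open_sockets": 450, "failed_logins": 2}),
        Host("db", {"cpu_load": 0.35, "open_sockets": 40, "failed_logins": 0}),
        Host("mail", {"cpu_load": 0.40, "open_sockets": 20, "failed_logins": 57}),
    ]
    ants = [Ant("cpu_load", 0), Ant("open_sockets", 1), Ant("failed_logins", 2)]
    alarms = run_colony(hosts, ants, rounds=10)
    return {name: classify(a) for name, a in alarms.items()}


if __name__ == "__main__":
    print(demo())
```

Because each ant only ever raises an alarm when its one metric is over threshold, the clean host is never misclassified, and the flooded host is named only once two different ants have independently alarmed on it; a single high CPU reading alone does not match any pattern. The pheromone rule is what makes the colony dynamic: after the first alarm, ants carrying other metrics are drawn to the same host, so the corroborating check arrives sooner than a fixed patrol would deliver it.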
[1] Errin W. Fulp et al., "High-speed packet filtering utilizing stream processors," Defense + Commercial Sensing, 2009.
[2] A. Householder et al., "Computer attack trends challenge Internet security," 2002.
[3] Arthur B. Maccabe et al., "The architecture of a network level intrusion detection system," 1990.
[4] Dan Farmer et al., Forensic Discovery, 2004.
[5] Errin W. Fulp et al., "Towards Optimal Firewall Rule Ordering Utilizing Directed Acyclical Graphs," Proceedings of the 18th International Conference on Computer Communications and Networks, 2009.
[6] Jeffrey O. Kephart et al., "The Vision of Autonomic Computing," Computer, 2003.
[7] Glenn A. Fink et al., "Mixed-Initiative Cyber Security: Putting humans in the right loop," 2009.
[8] Piet Demeester et al., "AntNET: ACO routing algorithm in practice," 2006.
[9] Luca Maria Gambardella et al., "Ant Algorithms for Discrete Optimization," Artificial Life, 1999.
[10] John Mark Agosta et al., "An adaptive anomaly detector for worm detection," 2007.
[11] Marco Dorigo et al., "Distributed Optimization by Ant Colonies," 1992.