A Novel Immune Detection Approach Enhanced by Attack Graph Based Correlation

Artificial immune systems (AIS) are computational intelligence techniques inspired by the human biological immune system. The four main AIS algorithms are negative selection, clonal selection, immune network, and danger theory. This paper applies the AIS approach to develop an agent-based detection method that analyzes network traffic. The system is combined with an attack graph based alert correlation technique, which improves detection performance by reducing false alerts. The work was evaluated on the denial of service (DoS), remote to local (R2L), user to root (U2R) and probe attack classes. The results show that adding the correlation technique improves the detection performance of AIS-based detection systems.
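The two ideas the abstract combines can be illustrated with a small worked example. The following Python is added here for illustration and is not the paper's code: it implements a toy negative-selection detector (the first of the four AIS algorithms named above) over constructed 8-bit flow encodings, then passes the resulting alerts through a simple attack-graph correlation step that keeps only alerts forming a multi-step chain against one host. The feature encoding, the r-contiguous-bits matching rule, the self set, the host addresses, the mapping of alerts to graph nodes and the attack graph itself are all assumptions made for the example; the abstract does not specify how the paper performs any of these steps.

```python
"""Added illustration (not the paper's code): a toy negative-selection
detector producing per-flow alerts, followed by attack-graph-based alert
correlation that keeps only alerts forming a multi-step chain on one host.
All feature strings, hosts and the attack graph below are constructed.
"""
from dataclasses import dataclass
from itertools import product

R = 4            # r-contiguous-bits matching threshold (assumed parameter)
LENGTH = 8       # toy flow-feature encoding: 8 bits per flow (constructed)

# Constructed "self" set: bit encodings of flows observed during a clean
# training period. Anything resembling these is treated as normal.
SELF_SET = ["00110101", "00110110", "01110101", "00010101"]

# Constructed toy attack graph: step -> prerequisite steps (attacker
# precedence), loosely mirroring the probe / R2L / U2R / DoS classes.
ATTACK_GRAPH = {
    "probe": set(),
    "r2l": {"probe"},
    "u2r": {"r2l"},
    "dos": {"probe"},
}


def r_contiguous_match(a: str, b: str, r: int = R) -> bool:
    """True if a and b agree on at least r contiguous, aligned bit positions."""
    return any(a[i:i + r] == b[i:i + r] for i in range(len(a) - r + 1))


def generate_detectors(self_set, length: int = LENGTH, r: int = R):
    """Negative selection: enumerate candidate detectors and censor every
    candidate that matches a self sample. Exhaustive enumeration keeps the
    toy deterministic (2**8 candidates); real systems sample randomly."""
    return [
        cand for cand in ("".join(bits) for bits in product("01", repeat=length))
        if not any(r_contiguous_match(cand, s, r) for s in self_set)
    ]


def is_anomalous(sample: str, detectors, r: int = R) -> bool:
    """A flow is flagged when any matured detector matches it."""
    return any(r_contiguous_match(sample, d, r) for d in detectors)


@dataclass(frozen=True, order=True)
class Alert:
    time: int
    host: str
    step: str      # attack-graph node the agent mapped the alert to (assumed)


def raise_alerts(flows, detectors):
    """flows: (time, host, feature_bits, step) tuples. Emit one Alert per
    flow that the negative-selection detectors flag."""
    return [Alert(t, host, step) for t, host, bits, step in flows
            if is_anomalous(bits, detectors)]


def correlate(alerts, graph=ATTACK_GRAPH):
    """Keep an alert only if it is part of a chain in the attack graph on
    the same host: its prerequisites were alerted on earlier, or a later
    alert depends on it. Isolated alerts are dropped as probable false
    alarms."""
    ordered = sorted(alerts)
    kept = set()
    earlier = {}   # host -> {step: Alert}
    for a in ordered:
        seen = earlier.setdefault(a.host, {})
        prereqs = graph.get(a.step, set())
        if prereqs and prereqs <= set(seen):
            kept.add(a)
            kept.update(seen[p] for p in prereqs)
        seen[a.step] = a
    return [a for a in ordered if a in kept]


# Constructed traffic: a genuine probe -> R2L -> U2R chain on 10.0.0.5
# plus isolated anomalies elsewhere that no chain supports.
FLOWS = [
    (1, "10.0.0.5", "11111111", "probe"),
    (2, "10.0.0.5", "10101010", "r2l"),
    (3, "10.0.0.5", "11001100", "u2r"),
    (4, "10.0.0.9", "00110110", "probe"),   # self-like: never alerted
    (5, "10.0.0.9", "11111111", "probe"),   # lone probe alert
    (6, "10.0.0.7", "10101010", "u2r"),     # U2R with no prior R2L
    (7, "10.0.0.8", "11001100", "dos"),     # lone DoS alert
]


def run_pipeline(flows=FLOWS):
    detectors = generate_detectors(SELF_SET)
    raw = raise_alerts(flows, detectors)
    return raw, correlate(raw)


if __name__ == "__main__":
    raw, correlated = run_pipeline()
    print(f"raw alerts: {len(raw)}, after correlation: {len(correlated)}")
    for a in correlated:
        print(a)
```

On the constructed traffic the detector raises six alerts and correlation keeps the three that form the probe, R2L, U2R chain on 10.0.0.5, dropping the three isolated ones. Two caveats a practitioner would check before relying on this pattern: negative selection with r-contiguous matching flags anything not covered by the self set, so an incomplete training period produces exactly the false alerts correlation is meant to suppress; and because this toy keeps only alerts inside a chain of at least two graph steps, single-step attacks such as a flooding DoS that is not preceded by a probe would be discarded and need a separate rule.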
