Towards a Classifying Artificial Immune System for Web Server Attacks

Classic artificial immune systems for security provide only a simple binary classification of "attack" versus "normal". This work explores expanding an artificial immune system for web server requests into a classifying system that can categorize the attack as one of several common attack categories. Classification can provide a system administrator with an indication of the severity of the attack and can help direct attack mitigation. This work shows promise at the task of classifying web server attacks, but still requires some fine-tuning to get the best performance.

[1]  Alan S. Perelson,et al.  Self-nonself discrimination in a computer , 1994, Proceedings of 1994 IEEE Computer Society Symposium on Research in Security and Privacy.

[2]  Kevin P. Anchor,et al.  CDIS: Towards a Computer Immune System for Detecting Network Intrusions , 2001, Recent Advances in Intrusion Detection.

[3]  Stephanie Forrest,et al.  Principles of a computer immune system , 1998, NSPW '97.

[4]  Karl N. Levitt,et al.  Models for threat assessment in networks , 2006 .

[5]  Stephanie Forrest,et al.  Architecture for an Artificial Immune System , 2000, Evolutionary Computation.

[6]  Karl N. Levitt,et al.  Immune System Model for Detecting Web Server Attacks , 2003, ICMLA.

[7]  Stephanie Forrest,et al.  Immunity by design: an artificial immune system , 1999 .