A New Model for Dynamic Intrusion Detection

Building on the concepts and formal definitions of self, nonself, antigen, and detector introduced in network intrusion detection research, the dynamic evolution models and the corresponding recursive equations of self, antigen, immune tolerance, the lifecycle of mature detectors, and immune memory are presented. Following that, an immune-based model for dynamic intrusion detection, referred to as AIBM, is developed. Simulation results show that the proposed model has several desirable features, including self-learning, self-adaptation and diversity, thus providing an effective solution for network intrusion detection.
