GECCO HUMIES - 2008

Immune-inspired Network Intrusion Detection System (i-NIDS)

M. Zubair Shafiq (1), Syed Ali Khayam (2), Muddassar Farooq (1)

(1) Next Generation Intelligent Networks Research Center
    National University of Computer & Emerging Sciences
    Islamabad, Pakistan
    http://www.nexginrc.org

(2) School of Electrical Engineering & Computer Sciences
    National University of Sciences & Technology
    Rawalpindi, Pakistan
    http://wisnet.niit.edu.pk

Introduction

* Simple
* Human competitive
* Human^machine competitive

Unfortunately, most computer viruses are not so courteous!

[Figures: "Estimated Damage (in billions of US Dollars)"; "Threat numbers show the story of what's happening?" (Number of new threats, Total threats, in thousands); year axis 1999 to 2003]

These are Commercial Software…

Malware        Norton AV       Command AV      McAfee AV
Chernobyl1.4   Not detected    Not detected    Not detected
F0sf0r0        Not detected    Not detected    Not detected
Hare           Not detected    Not detected    Not detected
Z0mbie-6.b     Not detected    Not detected    Not detected

* Signature matching!
* Size of signature database cannot scale!
* Inability to detect zero-day (novel) attacks!

Motivation for current work

* A self-healing, self-defending and living artificial immune system
* Proactive defense against zero-day attacks
* Mapping concepts from A-life and evolution

Immune inspired Network Intrusion Detection System

Network Traffic Stream

Intelligent Statistical Features
1. Memory of Markov Chain
2. Multi resolution session rate
3. Entropy of IP address
4. Divergence of port distribution

Adaptive Immune System / Innate Immune System
1. Negative Selection
2. Dendritic Cell Algorithm

Alarm Output

Human^machine Competitive Results

Detector                                                      TP rate (%)   FP rate (%)
[Classical Bio-inspired Detector] Naïve RVNS                  53.5          7.9
[Classical Bio-inspired Detector] Naïve DCA                   61.6          5.8
[State-of-the-art Statistical Detector] Rate Limiting         84.4          1.4
[State-of-the-art Statistical Detector] Maximum Entropy       83.1          4.2
[Immune inspired NIDS] i-RVNS                                 94.9          0.2
[Immune inspired NIDS] i-DCA                                  94.6          0.1

Engineered System

[Diagram: Network Protocol Stack (Client Machine). Blocks shown for each layer:]

Application Layer: Traffic, PBTS, PBSP-App, WBFC, Features-App, BCM, Decision, Feedback
Transport Layer:   Traffic, PBTS, PBSP-Trans, WBFC, Features-Trans, BCM, Decision, Feedback
Network Layer:     Traffic, PBTS, PBSP-Net, WBFC, Features-Net, BCM, Decision, Feedback
Datalink Layer:    Traffic, PBTS, PBSP-DL, WBFC, Features-DL, BCM, Decision, Feedback

Keys:
PBTS: Policy Based Traffic Sniffer
WBFC: Window Based Feature Computers
BCM: Binary Classifier Module

* Patent pending
* Complete version will be ready in 1 year time; free download
* US$200,000 grant to develop the final product from the National ICT R&D fund, Government of Pakistan

Why the best? In a nutshell…

1. Hard problem in hard domain; impossible for a human to solve
2. Evolved system better than human developed, commercial antivirus software
3. Evolved system better than state-of-the-art statistical malware detectors
4. Hybrid of statistical-immune detectors; best of both worlds
5. Engineered product; open-source initiative

Publications

A Comparative Study of Fuzzy Inference Systems, Neural Networks and Adaptive Neuro Fuzzy Inference Systems for Portscan Detection
M. Zubair Shafiq, Muddassar Farooq and Syed Ali Khayam
In M. Giacobini et al. (Eds.), Proceedings of Applications of Evolutionary Computing, EvoWorkshops 2007 (EuroGP-EvoCoMnet), Volume 4974 of Lecture Notes in Computer Science, pp. 48–57, Springer Verlag, Napoli, Italy, March, 2008.

(BEST PAPER NOMINATION)

Improving the Accuracy of Immune-inspired Malware Detectors by using Intelligent Features
M. Zubair Shafiq, Syed Ali Khayam and Muddassar Farooq
In Genetic and Evolutionary Conference (GECCO), July, 2008, Atlanta, USA.