Artificial Immunity-based Intrusion Detection System
Associate Prof. Fang Xian-jin
Computer School of AUST
Background
- With the development of computer and
network technology, information security is
becoming very significant.
- Solutions: data encryption, authentication,
authorization and access control, digital
signatures, firewalls, intrusion detection
systems, VPNs, anti-virus technology.
Background
- The firewall is the first line of security defense,
but it cannot prevent attacks from the intranet.
- An IDS can provide real-time detection and
implement a defense strategy; its main purpose
is to deal with internal attacks.
Intrusion Detection System
- What is the IDS?
[Figure: Input -> Intrusion Detection -> Normal or Anomalous]
Input can be an OS log, network data packets,
an application system log, a firewall log, etc.
Intrusion Detection System
- General study methodology in IDS
- Misuse detection
It is a rule-based detection technology, namely, p-best. The
related technology is the pattern matching algorithm.
- Anomaly detection
It is an activity-based detection technology. First, a normal
activity profile is created, and then the deviation amplitude
between the input activity and the normal activity profile is measured.
The following methods are used to study IDS:
• Statistical method [1]
• Data mining method [2]
• Artificial Immunity System [3]
• Artificial neural network [4][5]
• Fuzzy expert system [6]
• P-best (product-based expert system tool-kit)
• All kinds of classification and clustering methods
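The two methodologies on this slide run side by side, as an added example that is not part of the original slides. The rule, event names and sample windows are constructed, and using per-window event counts with a z-score threshold as the "normal activity profile" is an assumption of this sketch.

```python
import re
from collections import Counter
from statistics import mean, pstdev

# Constructed rule set for the misuse detector (illustrative, not from the slides).
SIGNATURES = {"shadow-file-open": re.compile(r"^open\(/etc/shadow\)")}

def event_type(event):
    """'read(3)' -> 'read'."""
    return event.split("(", 1)[0]

def misuse_detect(window):
    """Misuse detection: pattern-match every event against the known-bad rules."""
    return sorted({name for name, rx in SIGNATURES.items()
                   for event in window if rx.search(event)})

def build_profile(normal_windows):
    """Normal activity profile: (mean, std dev) of each event type's count per window."""
    per_window = [Counter(map(event_type, w)) for w in normal_windows]
    types = set().union(*per_window)
    return {t: (mean([c[t] for c in per_window]), pstdev([c[t] for c in per_window]))
            for t in types}

def deviation(profile, window):
    """Deviation amplitude: largest z-score of any event type's count in the window."""
    counts = Counter(map(event_type, window))
    worst = 0.0
    for t in set(counts) | set(profile):
        if t not in profile:
            return float("inf")  # event type never seen in normal activity
        mu, sd = profile[t]
        worst = max(worst, abs(counts[t] - mu) / max(sd, 1.0))  # floor sd to avoid /0
    return worst

def anomaly_detect(profile, window, threshold=3.0):
    return deviation(profile, window) > threshold

# Constructed sample input: three windows of normal activity, then two test windows.
NORMAL = [["open(/var/www/index.html)", "read(3)", "read(3)", "write(4)", "close(3)"],
          ["open(/var/www/a.css)", "read(3)", "write(4)", "write(4)", "close(3)"],
          ["open(/var/www/b.js)", "read(3)", "read(3)", "write(4)", "close(3)"]]
PROFILE = build_profile(NORMAL)
KNOWN_BAD = ["open(/etc/shadow)", "read(3)", "write(4)", "close(3)"]     # matches a rule
NOVEL = ["open(/var/www/index.html)"] + ["read(3)"] * 30 + ["close(3)"]  # no rule, odd volume

if __name__ == "__main__":
    for name, w in (("known-bad", KNOWN_BAD), ("novel", NOVEL)):
        print(name, misuse_detect(w), anomaly_detect(PROFILE, w))
```

The known-bad window is caught only by the rule, because its event counts look normal, while the novel window is caught only by the profile, because no rule describes it.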
Natural immune system & computer security
Important properties of natural immune systems:
- Multilayered protection
- Highly distributed detector
- Effector
- Memory system
- Diversity of detection ability across individuals
- Inexact matching strategies
- Sensitivity to most new foreign patterns
To be continued!
References
[1]. Stephanie Forrest, Steven A. Hofmeyr, Anil Somayaji. A Sense of Self for Unix Processes.
[2]. Wenke Lee and Salvatore J. Stolfo. Data Mining Approaches for Intrusion Detection. In: Proceedings of the 7th USENIX Security Symposium, 1998.
[3]. Steven Andrew Hofmeyr. An Immunological Model of Distributed Detection and Its Application to Computer Security [D]. Department of Computer Science, University of New Mexico, Albuquerque, NM, 1999.
[4]. Anup K. Ghosh, James Wanken, Frank Charron. Detecting Anomalous and Unknown Intrusions Against Programs [C]. In: Proceedings of the 1998 Annual Computer Security Applications Conference (ACSAC’98), 1998.
[5]. Song Ge, Yan Qiao, Yu Jianping. Application of Neural Networks in Anomaly Detection [J]. Computer Engineering and Applications, 2002.18(146).
[6]. Li Zhitang, Yang Hongyun. A Fuzzy Intrusion Detection Model [J]. Computer Engineering and Science, p49, Vol 22, No 2, 2000.
[7]. Herve Debar, Monique Becker, Didier Siboni. A Neural Network Component for an Intrusion Detection System. IEEE Symposium on Security and Privacy. Oakland, California: IEEE Computer Society, 1992: 256-266.
[8]. C.R. Gent, C.P. Sheppard. Predicting Time Series by a Fully Connected Neural Network Trained by Back Propagation [J]. Computing and Control Engineering Journal, 1992:12(5):123~127.
[9]. Anup K. Ghosh, Aaron Schwartzbard, Michel Schatz, et al. Learning Program Behavior Profiles for Intrusion Detection and Network Monitoring. Santa Clara, CA: IEEE Computer Society, 1999: 9~12.
[10]. Cannady. Artificial Neural Network for Misuse Detection [C]. In: Proceedings of the 1998 National Information System Security Conference (NISSC’98), Arlington, VA, 1998: 443-456.