An innate immune system for the protection of computer networks / A. Pagnoni, A. Visconti - In: Proceedings of the 4th International symposium on information and communication technologies : Cape Town International Convention Center, Cape Town, South Africa, January 3rd - 6th, 2005 / [edited by] Beate R. Baltes. - Dublin : Computer Science Press, 2005. - ISBN 0-9544145-6-X. - pp. 63-68 (Paper presented at the 4th International symposium on information and communication technologies, held in Cape Town in 2005.)

An innate immune system for the protection of computer networks

A. Pagnoni (first author); A. Visconti (last author)
2005

Abstract

This paper presents the design, implementation, and testing of NAIS, an artificial immune system for the protection of computer networks. Inspired by the biological innate immune system, NAIS consists of a collection of digital macrophages that scan the network for dangerous non-self processes and kill them. NAIS is based on the observation that all significant network attacks are preceded by preparatory small-scale intrusions meant to gather the necessary information: information on servers and operating systems, logins, weak passwords, ill-installed or poorly maintained services, etc. This information is used to bypass the network's defense barriers (access controls, firewalls) and to gain access to the machine before it is attacked. Such preparatory intrusions do not generate new processes; the subsequent, actual intrusion, however, will. Such processes will be recognized as non-self by the digital macrophages run by NAIS and killed right away, thus defusing the attack. Telling illegal new processes from legal ones is a difficult matter, and amounts to providing a strong definition of a non-self process. Our testing of NAIS proved our definition to be quite effective in protecting networks of one-service computers.
Keywords: Artificial Immune Systems; AIS
Sector INF/01 - Computer Science
2005
Book Part (author)
Files for this item: no files are associated with this item.

Documents in IRIS are protected by copyright and all rights are reserved, unless otherwise indicated.

Use this identifier to cite or link to this document: https://hdl.handle.net/2434/23378