This paper presents an evaluation of exhaustive testing of NAIS, a native artificial immune system for the protection of computer networks. NAIS is a network intrusion detection system inspired by the biological innate, or native, immune system. NAIS is based on a few observations. In the first place, malicious users very often try to gain superuser privileges by exploiting process bugs. In the second place, most network intrusions take place while server administrators are not connected to the server, and cannot control the running processes. In the third place, more and more often LAN administrators try to protect their networks from some of the damage caused by intrusions by running different services on different machines. NAIS runs on mono-service servers. It consists of a collection of digital macrophages that scan the network for dangerous non-self processes, and kill them right away. Our testing of NAIS proved: (a) the absence of autoimmune threats to the hosting system (no risk that the immune system attacks the system it is supposed to protect), and (b) a strong, and reliable discrimination between intrusive (non-self) and regular (self) system processes.
Testing of Native Immune System for the Protection of Computer Networks / A. Visconti - In: Proceedings of the IADIS International Conference WWW / Internet 2005 / [a cura di] Pedro Isaías. - Lisbon : IADIS Press, 2005. - ISBN 972-8924-02-X. - pp. 283-288 (( convegno IADIS International Conference Applied Computing 2005 tenutosi a Lisbon, Portugal nel 2005.
Testing of Native Immune System for the Protection of Computer Networks
A. ViscontiPrimo
2005
Abstract
This paper presents an evaluation of exhaustive testing of NAIS, a native artificial immune system for the protection of computer networks. NAIS is a network intrusion detection system inspired by the biological innate, or native, immune system. NAIS is based on a few observations. In the first place, malicious users very often try to gain superuser privileges by exploiting process bugs. In the second place, most network intrusions take place while server administrators are not connected to the server, and cannot control the running processes. In the third place, more and more often LAN administrators try to protect their networks from some of the damage caused by intrusions by running different services on different machines. NAIS runs on mono-service servers. It consists of a collection of digital macrophages that scan the network for dangerous non-self processes, and kill them right away. Our testing of NAIS proved: (a) the absence of autoimmune threats to the hosting system (no risk that the immune system attacks the system it is supposed to protect), and (b) a strong, and reliable discrimination between intrusive (non-self) and regular (self) system processes.
Pubblicazioni consigliate
I documenti in IRIS sono protetti da copyright e tutti i diritti sono riservati, salvo diversa indicazione.
