The paper extends the intrusion detection methodology proposed by Tarakanov et al. in [8] to k-dimensional shape spaces, for k greater than or equal to 2. k real vectors, representing antibodies, are used to recognize malicious (or non-self) connection logs. We suggest a method for recognizing antigens (generating such antibodies) via Singular Value Decomposition of a real-valued matrix obtained by preprocessing a database of connection logs [9]. New incoming connection requests are recognized by the antibodies as either self (normal request) or non-self (potential attack) by (a) mapping them into a k-dimensional shape space, and (b) evaluating the minimum Hamming distance between their image and that of known attack logs. It is easy to see that using a shape space of dimension greater than 2 significantly reduces false positives.
Profiling Network Attacks via AIS / A. Pagnoni, A. Visconti (LECTURE NOTES IN COMPUTER SCIENCE). - In: Neural Nets: 16th Italian Workshop on Neural Nets, WIRN 2005, and International Workshop on Natural and Artificial Immune Systems, NAIS 2005 : Vietri sul Mare, Italy, June 8-11, 2005 : Revised Selected Papers. - Berlin : Springer, 2006. - ISBN 3540331832. - pp. 272-277 (Paper presented at the 16th conference NAIS International Workshop on Natural and Artificial Immune Systems, June 8th-11th, held in Vietri sul Mare in 2005) [10.1007/11731177_34].
Profiling Network Attacks via AIS
A. Pagnoni; A. Visconti
2006