In this paper, we discuss the design and engineering of a biologically-inspired, host-based intrusion detection system to protect computer networks. To this end, we have implemented an Artificial Immune System (AIS) that mimics the behavior of the biological adaptive immune system. The proposed AIS consists of a number of running artificial white blood cells, which search, recognize, store and deny anomalous requests on individual hosts. The model monitors the system by analysing a set of parameters to provide general information on its state — ill or not. When some parameters are found to have anomalous values, the artificial immune system takes a proper action. To prove the effectiveness of the suggested model, an exhaustive test of the AIS is conducted, using a server running Apache, MySQL and OpenSSH, and results are reported. Four types of attacks were tested: remote buffer overflow, Distributed Denial of Service (DDoS), port scanning, and dictionary attack. The test proved that our definition of self/non-self system components is quite effective in protecting host-based systems.
Intrusion Detection via Artificial Immune System: a Performance-based Approach / A. Visconti, N. Fusi, H. Tahayori - In: Biologically-Inspired Collaborative Computing / [edited by] M. Hinchey, A. Pagnoni, F. J. Rammig, H. Schmeck. - Boston : Springer, 2008. - ISBN 9780387096544. - pp. 125-135 (Paper presented at the 20th IFIP World Computer Congress, held in Milan in 2008.)
Intrusion Detection via Artificial Immune System: a Performance-based Approach
A. Visconti (first author); H. Tahayori (last author)
2008
File | Size | Format | Access |
---|---|---|---|
chp%3A10.1007%2F978-0-387-09655-1_12.pdf (Type: Publisher's version/PDF) | 199.6 kB | Adobe PDF | Restricted access |
Documents in IRIS are protected by copyright and all rights are reserved, unless otherwise indicated.