In this paper, we discuss the design and engineering of a biologically-inspired, host-based intrusion detection system to protect computer networks. To this end, we have implemented an Artificial Immune System (AIS) that mimics the behavior of the biological adaptive immune system. The proposed AIS consists of a number of running artificial white blood cells, which search, recognize, store and deny anomalous requests on individual hosts. The model monitors the system by analysing the set of parameters to provide general information on its state — ill or not. When some parameters are discovered to have anomalous values, the artificial immune system takes a proper action. To prove the effectiveness of the suggested model, an exhaustive test on the AIS is conducted, using a server running Apache, MySQL and OpenSSH, and results are reported. Four types of attacks were tested: remote buffer overflow, Distributed Denial of Service (DDoS), port scanning, and dictionary attack. The test proved that our definition of self/non-self system components is quite effective in protecting host-based systems.

Intrusion Detection via Artificial Immune System: a Performance-based Approach / A. Visconti, N. Fusi, H. Tahayori - In: Biologically-Inspired Collaborative Computing / [edited by] M. Hinchey, A. Pagnoni, F. J. Rammig, H. Schmeck. - Boston : Springer, 2008. - ISBN 9780387096544. - pp. 125-135 (Paper presented at the 20th IFIP World Computer Congress, held in Milan in 2008).

Intrusion Detection via Artificial Immune System: a Performance-based Approach

A. Visconti (first author); H. Tahayori (last author)
2008

danger
Sector INF/01 - Computer Science
2008
IFIP
Book Part (author)

Use this identifier to cite or link to this document: https://hdl.handle.net/2434/43885