We propose a novel architecture for an immunological network intrusion detection system, Immune System Network Intrusion Detection System (ISNIDS), suitable for inclusion in a broader-based multi-enterprise misuse management system. This paper will discuss the architecture, prototype, testing, and lessons learned from ISNIDS, as well as outlining the strategy for integration with a distributed/collaborative misuse management system.
This paper compares the prototype with a similar rule-based system in both live and isolated conditions. The live testing was geared toward evaluating the number of false alarms generated under normal conditions. The isolated testing was geared toward evaluating the number of attacks missed under attack conditions. Each detection scheme detected six of the eight implemented attacks. ISNIDS missed one of two masquerading attacks and one password guessing attack. The rule-based system missed both masquerading attacks. As expected, this indicates that the two types of systems could effectively augment each other. The immune-based IDS offers considerable promise, as traditional detection methods also have difficulty recognizing masquerading-type attacks.
@inproceedings{Hall2003:ISNIDS,
author = "John M. Hall and Deborah A. Frincke",
title = "An Architecture for Intrusion Detection Modeled After the Human Immune System",
booktitle = "Proceedings of the International Conference on Computer, Communication and Control Technologies",
year = "2003",
volume = "6",
pages = "75--78",
url = "http://www.johnmhall.net/research/immunology/CCCT2003/isnids.html"
}