A Prototype for Network Intrusion Detection System using Danger Theory

Authors

  • Raed Al-Dhubhani Faculty of Computing and Information Technology, King Abdul-Aziz University, KSA
  • Norbik Bashah Idris Faculty of Computing, Universiti Teknologi Malaysia, 81310 UTM Johor Bahru, Johor, Malaysia
  • Faisal Saeed Sanhan Community College, Sana’a, Yemen

DOI:

https://doi.org/10.11113/jt.v73.4196

Keywords:

Network intrusion detection system, anomaly detection, danger theory

Abstract

A Network Intrusion Detection System (NIDS) is considered one of the last lines of defense for any organization. NIDS can be broadly classified into two approaches: misuse-based detection and anomaly-based detection. Misuse-based detection builds a database of well-defined patterns of attacks that exploit weaknesses in systems and network protocols, and uses that database to identify intrusions. Although this approach detects every attack included in the database, it produces false negatives: any new attack not included in the database cannot be detected. The other approach, anomaly-based NIDS, was developed to emulate the Human Immune System (HIS) and overcome this limitation of the misuse-based approach. Anomaly-based detection is based on the Negative Selection (NS) mechanism. NS builds a database of normal (self) patterns and identifies any pattern not included in that database as a non-self pattern, and hence as an intrusion. Unfortunately, the NS concept also has its drawbacks. Although any attack pattern can be detected as a non-self pattern, which yields a low false negative rate, a non-self pattern does not necessarily indicate the presence of an intrusion, so NS has a high false positive rate caused by that assumption. Danger Theory (DT) is a new concept in HIS which shows that the response mechanism of the HIS is more complicated than, and goes beyond, the simple NS concept. So, is it possible to utilize DT to minimize the high false positive rate of NIDS? This paper answers this question by developing a prototype NIDS based on DT and evaluating that prototype on the DARPA99 Intrusion Detection dataset.
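The contrast the abstract draws between negative selection and danger-signal gating, as an added illustration that is not the paper's prototype; the self set, the failed-connection danger signal, its threshold and the sample flows are all constructed here:

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Flow:
    proto: str
    dst_port: int
    failed_conns: int   # failed connection attempts from the source in the window
    label: str          # ground truth, "benign" or "attack", used only for scoring


# Constructed self set: (protocol, port) pairs observed during normal-traffic training.
SELF_PATTERNS = {("tcp", 80), ("tcp", 443), ("tcp", 22), ("udp", 53)}


def ns_detect(flow: Flow) -> bool:
    """Negative selection: any pattern absent from the self set is non-self, hence an alert."""
    return (flow.proto, flow.dst_port) not in SELF_PATTERNS


def danger_signal(flow: Flow, fail_threshold: int = 20) -> bool:
    """Constructed danger signal: a burst of failed connections is evidence of harm, not mere novelty."""
    return flow.failed_conns >= fail_threshold


def dt_detect(flow: Flow) -> bool:
    """Danger-theory gating: alert only for a non-self pattern that co-occurs with a danger signal."""
    return ns_detect(flow) and danger_signal(flow)


# Constructed sample flows covering the cases that separate the two detectors.
SAMPLE_FLOWS = [
    Flow("tcp", 443, 0, "benign"),    # ordinary HTTPS, in the self set
    Flow("tcp", 8443, 1, "benign"),   # newly deployed internal service: novel but harmless
    Flow("udp", 5353, 0, "benign"),   # mDNS chatter never seen during training
    Flow("tcp", 3389, 45, "attack"),  # RDP password guessing: many failed connections
    Flow("tcp", 445, 60, "attack"),   # SMB scanning burst
    Flow("tcp", 6667, 0, "attack"),   # quiet beacon: non-self, but no danger signal
]


def score(detector, flows):
    """Count true positives and false positives for a detector over labelled flows."""
    tp = sum(1 for f in flows if detector(f) and f.label == "attack")
    fp = sum(1 for f in flows if detector(f) and f.label == "benign")
    return {"tp": tp, "fp": fp}


if __name__ == "__main__":
    print("NS:", score(ns_detect, SAMPLE_FLOWS))  # novelty alone flags the two benign-but-new flows
    print("DT:", score(dt_detect, SAMPLE_FLOWS))  # gating removes those, but misses the quiet beacon
```

The last sample flow shows the trade-off a practitioner should expect: gating on a danger signal lowers false positives, but an attack that produces no danger signal becomes a false negative.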

Published

2015-03-09

How to Cite

A Prototype for Network Intrusion Detection System using Danger Theory. (2015). Jurnal Teknologi, 73(2). https://doi.org/10.11113/jt.v73.4196