Abstract
The paper extends the intrusion detection methodology proposed by Tarakanov et al. in [8] to k-dimensional shape spaces, for k greater than or equal to 2. k real vectors, representing antibodies, are used to recognize malicious (or non-self) connection logs. We suggest a method for recognizing antigens (generating such antibodies) via Singular Value Decomposition of a real-valued matrix obtained by preprocessing a database of connection logs [9]. New incoming connection requests are recognized by the antibodies as either self (normal request) or non-self (potential attack) by (a) mapping them into a k-dimensional shape space, and (b) evaluating the minimum Hamming distance between their image and that of known attack logs. It is easy to see that using a shape space of dimension greater than 2 significantly reduces false positives.
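The two steps named in the abstract, (a) mapping a log into a k-dimensional shape space and (b) taking the minimum distance to known images, as an added sketch that is not the authors' code. Assumptions: the feature rows are constructed, the shape-space axes are taken as the top-k right singular vectors (found by power iteration), a log takes the label of its nearest training image, and Euclidean distance stands in for the distance the abstract names, since the abstract does not say how that is computed on real vectors.

```python
import math

def dot(a, b):
    return sum(x * y for x, y in zip(a, b))

def top_right_singular_vectors(A, k, iters=200):
    """Top-k right singular vectors of A: power iteration on A^T A with deflation."""
    n = len(A[0])
    G = [[sum(r[i] * r[j] for r in A) for j in range(n)] for i in range(n)]
    basis = []
    for c in range(k):
        v = [1.0 + 0.1 * (i + c) for i in range(n)]  # fixed start: deterministic run
        for _ in range(iters):
            for u in basis:  # deflate: strip directions already found
                d = dot(v, u)
                v = [x - d * y for x, y in zip(v, u)]
            w = [dot(row, v) for row in G]
            norm = math.sqrt(dot(w, w))
            if norm == 0.0:
                raise ValueError("matrix rank is below k")
            v = [x / norm for x in w]
        basis.append(v)
    return basis

def to_shape_space(x, basis):
    """Step (a): image of a feature vector in the k-dimensional shape space."""
    return [dot(x, v) for v in basis]

def classify(x, basis, images):
    """Step (b): label and distance of the nearest known image (Euclidean: assumption)."""
    p = to_shape_space(x, basis)
    dist, label = min((math.dist(p, img), lab) for img, lab in images)
    return label, dist

# Constructed, already-normalised feature rows (hypothetical columns:
# duration, bytes sent, failed logins, SYN error rate); not KDD Cup data.
TRAIN = [
    ([0.20, 0.80, 0.00, 0.10], "self"), ([0.30, 0.70, 0.00, 0.00], "self"),
    ([0.25, 0.90, 0.10, 0.05], "self"), ([0.00, 0.10, 0.90, 1.00], "non-self"),
    ([0.10, 0.00, 1.00, 0.90], "non-self"), ([0.05, 0.05, 0.80, 0.95], "non-self"),
]
K = 3  # shape-space dimension
BASIS = top_right_singular_vectors([x for x, _ in TRAIN], K)
IMAGES = [(to_shape_space(x, BASIS), lab) for x, lab in TRAIN]

if __name__ == "__main__":
    print(classify([0.22, 0.85, 0.00, 0.05], BASIS, IMAGES))
    print(classify([0.00, 0.05, 0.95, 0.90], BASIS, IMAGES))
```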
References
1. De Castro, L.N., Timmis, J.: Artificial Immune System: a new computational intelligence paradigm. Springer, New York (2002)
2. D’haeseleer, P., Forrest, S., Helman, P.: An immunological approach to change detection: algorithms, analysis and implication. In: Proceedings of the 1996 IEEE Symposium on Computer Security and Privacy. IEEE Computer Society Press, Los Alamitos (1996)
3. Esponda, F., Forrest, S., Helman, P.: Positive and Negative Detection. IEEE Transaction on System, Man, and Cybernetics, downloaded from the internet (2004) (in press), http://www.cs.unm.edu/~forrest/isapapers.htm
4. Forrest, S., Hofmeyr, S., Somayaji, A.: Computer immunology. Communications of the ACM 40(10), 88–96 (1997)
5. Forrest, S., Hofmeyr, S., Somayaji, A., Longstaff, T.: A sense of self for UNIX processes. In: Proceedings of the 1996 IEEE Symposium on Research in Security and Privacy. IEEE Press, Los Alamitos (1996)
6. Forrest, S., Perelson, A., Allen, L., Cherukuri, R.: Self-nonself discrimination in a computer. In: Proceedings of the 1994 IEEE Symposium on Research in Security and Privacy. IEEE Computer Society Press, Los Alamitos (1994)
7. Hofmeyr, S., Forrest, S.: Architecture for an Artificial Immune System. Evolutionary Computation 7(1) (2000)
8. Tarakanov, A.O., Skormin, V.A., Sokolova, S.P.: Immunocomputing: Principles and Applications. Springer, New York (2003)
9. KDD Cup 1999 Data Set, downloaded from the internet, http://kdd.ics.uci.edu/databases/kddcup99/kddcup99.html
10. Mukherjee, B., Heberlein, T.L., Levitt, K.N.: Network Intrusion Detection. IEEE Network 8(3) (1994)
11. Pagnoni, A., Visconti, A.: An Innate Immune System for the Protection of Computer Networks. In: Baltes, B.R., et al. (eds.) Information and Communication Technologies. ACM International Conference Proceedings Series (2005) ISBN 0-9544145-6-X
12. Horn, R., Johnson: Matrix Analysis. Cambridge University Press, Cambridge (1986)
Copyright information
© 2006 Springer-Verlag Berlin Heidelberg
Cite this paper
Pagnoni, A., Visconti, A. (2006). Profiling Network Attacks Via AIS. In: Apolloni, B., Marinaro, M., Nicosia, G., Tagliaferri, R. (eds) Neural Nets. WIRN NAIS 2005 2005. Lecture Notes in Computer Science, vol 3931. Springer, Berlin, Heidelberg. https://doi.org/10.1007/11731177_34
DOI: https://doi.org/10.1007/11731177_34
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-33183-4
Online ISBN: 978-3-540-33184-1
eBook Packages: Computer Science, Computer Science (R0)