Abstract
The paper extends the intrusion detection methodology proposed by Tarakanov et al. in [8] to k-dimensional shape spaces, for k greater than or equal to 2. k real vectors, representing antibodies, are used to recognize malicious (or non-self) connection logs. We suggest a method for recognizing antigens (generating such antibodies) via Singular Value Decomposition of a real-valued matrix obtained by preprocessing a database of connection logs [9]. New incoming connection requests are recognized by the antibodies as either self (normal request) or non-self (potential attack) by (a) mapping them into a k-dimensional shape space, and (b) evaluating the minimum Hamming distance between their image and that of known attack logs. It is easy to see that using a shape space of dimension greater than 2 significantly reduces false positives.
References
[1] De Castro, L.N., Timmis, J.: Artificial Immune System: a new computational intelligence paradigm. Springer, New York (2002)
[2] D’haeseleer, P., Forrest, S., Helman, P.: An immunological approach to change detection: algorithms, analysis and implication. In: Proceedings of the 1996 IEEE Symposium on Computer Security and Privacy. IEEE Computer Society Press, Los Alamitos (1996)
[3] Esponda, F., Forrest, S., Helman, P.: Positive and Negative Detection. IEEE Transactions on Systems, Man, and Cybernetics, downloaded from the internet (2004) (in press), http://www.cs.unm.edu/~forrest/isapapers.htm
[4] Forrest, S., Hofmeyr, S., Somayaji, A.: Computer immunology. Communications of the ACM 40(10), 88–96 (1997)
[5] Forrest, S., Hofmeyr, S., Somayaji, A., Longstaff, T.: A sense of self for UNIX processes. In: Proceedings of the 1996 IEEE Symposium on Research in Security and Privacy. IEEE Press, Los Alamitos (1996)
[6] Forrest, S., Perelson, A., Allen, L., Cherukuri, R.: Self-nonself discrimination in a computer. In: Proceedings of the 1994 IEEE Symposium on Research in Security and Privacy. IEEE Computer Society Press, Los Alamitos (1994)
[7] Hofmeyr, S., Forrest, S.: Architecture for an Artificial Immune System. Evolutionary Computation 7(1) (2000)
[8] Tarakanov, A.O., Skormin, V.A., Sokolova, S.P.: Immunocomputing: Principles and Applications. Springer, New York (2003)
[9] KDD Cup 1999 Data Set, downloaded from the internet, http://kdd.ics.uci.edu/databases/kddcup99/kddcup99.html
[10] Mukherjee, B., Heberlein, T.L., Levitt, K.N.: Network Intrusion Detection. IEEE Network 8(3) (1994)
[11] Pagnoni, A., Visconti, A.: An Innate Immune System for the Protection of Computer Networks. In: Baltes, B.R., et al. (eds.) Information and Communication Technologies. ACM International Conference Proceedings Series (2005) ISBN 0-9544145-6-X
[12] Horn, R., Johnson, C.: Matrix Analysis. Cambridge University Press, Cambridge (1986)
Copyright information
© 2006 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Pagnoni, A., Visconti, A. (2006). Profiling Network Attacks Via AIS. In: Apolloni, B., Marinaro, M., Nicosia, G., Tagliaferri, R. (eds) Neural Nets. WIRN NAIS 2005 2005. Lecture Notes in Computer Science, vol 3931. Springer, Berlin, Heidelberg. https://doi.org/10.1007/11731177_34
DOI: https://doi.org/10.1007/11731177_34
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-33183-4
Online ISBN: 978-3-540-33184-1
eBook Packages: Computer Science, Computer Science (R0)