Abstract
This paper introduces a hybrid model for network intrusion detection that combines artificial immune system methods with conventional information security methods. The Network Threat Recognition with Immune Inspired Anomaly Detection, or NetTRIIAD, model incorporates misuse-based intrusion detection and network monitoring applications into an innate immune capability inspired by the immunological Danger Model. Experimentation on a prototype NetTRIIAD implementation demonstrates improved detection accuracy in comparison with misuse-based intrusion detection. Areas for future investigation and improvement to the model are also discussed.
Copyright information
© 2008 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Fanelli, R.L. (2008). A Hybrid Model for Immune Inspired Network Intrusion Detection. In: Bentley, P.J., Lee, D., Jung, S. (eds) Artificial Immune Systems. ICARIS 2008. Lecture Notes in Computer Science, vol 5132. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-85072-4_10
DOI: https://doi.org/10.1007/978-3-540-85072-4_10
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-85071-7
Online ISBN: 978-3-540-85072-4
eBook Packages: Computer Science, Computer Science (R0)