A Hybrid Model for Immune Inspired Network Intrusion Detection

  • Conference paper

Part of the book series: Lecture Notes in Computer Science (LNTCS, volume 5132)

Abstract

This paper introduces a hybrid model for network intrusion detection that combines artificial immune system methods with conventional information security methods. The Network Threat Recognition with Immune Inspired Anomaly Detection, or NetTRIIAD, model incorporates misuse-based intrusion detection and network monitoring applications into an innate immune capability inspired by the immunological Danger Model. Experimentation on a prototype NetTRIIAD implementation demonstrates improved detection accuracy in comparison with misuse-based intrusion detection. Areas for future investigation and improvement to the model are also discussed.



Editor information

Peter J. Bentley, Doheon Lee, Sungwon Jung

Copyright information

© 2008 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Fanelli, R.L. (2008). A Hybrid Model for Immune Inspired Network Intrusion Detection. In: Bentley, P.J., Lee, D., Jung, S. (eds) Artificial Immune Systems. ICARIS 2008. Lecture Notes in Computer Science, vol 5132. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-85072-4_10

  • DOI: https://doi.org/10.1007/978-3-540-85072-4_10

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-85071-7

  • Online ISBN: 978-3-540-85072-4

  • eBook Packages: Computer Science, Computer Science (R0)
