Part of the book series: Advances in Soft Computing (AINSC, volume 49)

Summary

One emergent, widely used metaphor and rich source of inspiration for computer security has been the vertebrate Immune System (IS). This is mainly due to its intrinsic nature of having to constantly protect the body against harm inflicted by external (non-self) harmful entities. The bridge between the metaphor and the reality of new practical systems for anomaly detection is cemented by recent biological advances and newly proposed theories on the dynamics of immune cells from the field of theoretical immunology. In this paper we present work-in-progress research on the deployment of an immune-inspired architecture, based on Grossman’s Tunable Activation Threshold (TAT) hypothesis, for temporal anomaly detection, where there is a strict temporal ordering on the data, such as network intrusion detection. We start by briefly describing the overall architecture. Then, we present some preliminary results obtained in a production network. Finally, we conclude by presenting the main lines of research we intend to pursue in the near future.

References

  1. Aickelin, U., Bentley, P., Cayzer, S., Kim, J., McLeod, J.: Danger theory: The link between AIS and IDS? In: Timmis, J., Bentley, P.J., Hart, E. (eds.) ICARIS 2003. LNCS, vol. 2787, pp. 147–155. Springer, Heidelberg (2003)

  2. Beale, J., Caswell, B.: Snort 2.1 Intrusion Detection. Syngress (2004)

  3. Burmester, G.R., Pezzuto, A.: Color Atlas of Immunology. Thieme Medical Publishers (2003)

  4. Burnet, F.M.: The Clonal Selection Theory of Acquired Immunity. Vanderbilt University Press (1959)

  5. Carneiro, J., Paixão, T., Milutinovic, D., Sousa, J., Leon, K., Gardner, R., Faro, J.: Immunological self-tolerance: Lessons from mathematical modeling. Journal of Computational and Applied Mathematics 184(1), 77–100 (2005)

  6. de Castro, L.N., Timmis, J.: Artificial Immune Systems: A New Computational Intelligence Approach. Springer, Heidelberg (2002)

  7. Forrest, S., Perelson, A.S., Allen, L., Cherukuri, R.: Self-nonself discrimination in a computer. In: Proceedings of the 1994 IEEE Symposium on Research in Security and Privacy, pp. 201–212 (1994)

  8. Grossman, Z., Singer, A.: Tuning of activation thresholds explains flexibility in the selection and development of T cells in the thymus (1996)

  9. Kim, J., Bentley, P.: An evaluation of negative selection in an artificial immune system for network intrusion detection. In: Genetic and Evolutionary Computation Conference 2001, pp. 1330–1337 (2001)

  10. Kim, J., Bentley, P., Aickelin, U., Greensmith, J., Tedesco, G., Twycross, J.: Immune system approaches to intrusion detection - a review. Natural Computing (2007)

  11. Matzinger, P.: The Danger Model: A Renewed Sense of Self. Science’s STKE 296(5566), 301–305 (2002)

  12. Pedroso, J.P.: Simple Metaheuristics Using the Simplex Algorithm for Non-linear Programming. In: Stützle, T., Birattari, M., Hoos, H.H. (eds.) SLS 2007. LNCS, vol. 4638, p. 217. Springer, Heidelberg (2007)

  13. Stibor, T., Timmis, J., Eckert, C.: On the appropriateness of negative selection defined over hamming shape-space as a network intrusion detection system. The 2005 IEEE Congress on Evolutionary Computation 2 (2005)

  14. Vance, R.E.: Cutting edge commentary: A Copernican revolution? Doubts about the danger theory. The Journal of Immunology 165, 1725–1728 (2000)

Editor information

Juan M. Corchado, Juan F. De Paz, Miguel P. Rocha, Florentino Fernández Riverola

Copyright information

© 2009 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Antunes, M., Correia, M. (2009). TAT-NIDS: An Immune-Based Anomaly Detection Architecture for Network Intrusion Detection. In: Corchado, J.M., De Paz, J.F., Rocha, M.P., Fernández Riverola, F. (eds) 2nd International Workshop on Practical Applications of Computational Biology and Bioinformatics (IWPACBB 2008). Advances in Soft Computing, vol 49. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-85861-4_8

  • DOI: https://doi.org/10.1007/978-3-540-85861-4_8

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-85860-7

  • Online ISBN: 978-3-540-85861-4

  • eBook Packages: Engineering, Engineering (R0)
