Abstract
This paper presents continued experimentation on the Network Threat Recognition with Immune Inspired Anomaly Detection, or NetTRIIAD, model. This hybrid model combines established network monitoring methods with artificial immune system methods to achieve improved performance. The paper presents experiments investigating the model’s performance in detecting novel threats and the performance contribution of the individual components.
Copyright information
© 2010 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Fanelli, R.L. (2010). Further Experimentation with Hybrid Immune Inspired Network Intrusion Detection. In: Hart, E., McEwan, C., Timmis, J., Hone, A. (eds) Artificial Immune Systems. ICARIS 2010. Lecture Notes in Computer Science, vol 6209. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-14547-6_21
DOI: https://doi.org/10.1007/978-3-642-14547-6_21
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-14546-9
Online ISBN: 978-3-642-14547-6
eBook Packages: Computer Science (R0)