Abstract
This paper proposes a novel framework for an artificial immune server with both innate and adaptive immune functions. The innate immune function detects cyber attacks on a known or unknown vulnerability. Upon detecting a cyber attack, the innate immune function creates a new process of the server application and terminates the compromised process. The adaptive immune function learns the requests with exploit code detected by the innate immune function. The adaptive immune function enables the server application to maintain its own service without terminating the server application after the innate immune function recognizes the attack. Performance tests of a prototype system implemented on a vulnerable web server showed that this prototype system was able to maintain the web service during all attacks except the first.
This is a preview of subscription content, log in via an institution to check access.
Similar content being viewed by others
Explore related subjects
Discover the latest articles, news and stories from top researchers in related subjects.References
Microsoft (2015) Enhanced mitigation experience toolkit 5.5 user guide. https://www.microsoft.com/en-us/download/confirmation.aspx?id=50802. Accessed 16 Jun 2016
Cheng Y, Zhou Z, Miao Y, Ding X, Deng H (2014) ROPecker: a generic and practical approach for defending against ROP attack. In: Proceedings of the 21st annual network and distributed system security symposium
Okamoto T (2015) SecondDEP: resilient computing that prevents shellcode execution in cyber-attacks. Procedia Comput Sci 60:691–699
Sano F, Okamoto T, Idris W, Hata Y, Ishida Y (2016) A cyber attack-resilient server inspired by diversity. In: Proceedings of the 21st international symposium on artificial life and robotics, pp 31–35
Kephart JO (1994) A biologically inspired immune system for computers. In: Proceedings of the 4th international workshop on the synthesis and simulation of living systems, artificial life IV, pp 130–139
Forrest S, Hofmeyr SA, Somayaji A, Longstaff TA (1996) A sense of self for unix processes. In: Proceedings of the IEEE symposium on security and privacy, pp 120–128
Shacham H (2007) The geometry of innocent flesh on the bone: return-into-libc without function calls (on the x86). In: Proceedings of the 14th ACM conference on computer and communications security, , ACM, Washington, D. C., pp 552–561
Willems C, Holz T, Freiling F (2007) Toward automated dynamic malware analysis using cwsandbox. IEEE Secur Priv 2:32–39
Matt_Oh (2014) Technical analysis of CVE-2014-0515 adobe flash player exploit. HP enterprise business community
Jesse K (2006) Identifying almost identical files using context triggered piecewise hashing. Digit Investig 3:91–97
Author information
Authors and Affiliations
Corresponding author
About this article
Cite this article
Okamoto, T., Tarao, M. Toward an artificial immune server against cyber attacks. Artif Life Robotics 21, 351–356 (2016). https://doi.org/10.1007/s10015-016-0282-9
Received:
Accepted:
Published:
Issue Date:
DOI: https://doi.org/10.1007/s10015-016-0282-9