Immune System Approaches to Intrusion Detection: A Review

The use of artificial immune systems in intrusion detection is an appealing concept for two reasons. Firstly, the human immune system provides the human body with a high level of protection from invading pathogens, in a robust, self-organised and distributed manner. Secondly, current techniques used in computer security are not able to cope with the dynamic and increasingly complex nature of computer systems and their security. It is hoped that biologically inspired approaches in this area, including the use of immune-based systems, will be able to meet this challenge. Here we review the algorithms used, the development of the systems and the outcome of their implementation. We provide an introduction and analysis of the key developments within this field, in addition to making suggestions for future research.

One of the central challenges with computer security is determining the difference between normal and potentially harmful activity. For half a century, developers have protected their systems using rules that identify and block specific events. However, the nature of current and future threats, in conjunction with ever larger IT systems, urgently requires the development of automated and adaptive defensive tools. A promising solution is emerging in the form of biologically inspired computing, and in particular artificial immune systems (AIS). The Human Immune System (HIS) can detect and defend against harmful and previously unseen invaders, so can a similar system be built for our computers? Perhaps those systems would then have the same beneficial properties as the HIS, such as error tolerance, adaptation and self-monitoring [48].

Alongside other techniques for preventing intrusions, such as encryption and firewalls, Intrusion Detection Systems (IDS) are another significant method used to help safeguard computer systems. The main goal of these systems is to detect unauthorised use, misuse and abuse of computer systems by both system insiders and external intruders [88]. IDS can be broadly classified into two approaches: anomaly detection and misuse detection.

Considering the above, one can see an analogy between the HIS and IDS. The HIS has both innate and adaptive components to its mechanisms. For example, an innate response is inflammation – the attraction of lymphocytes to the site of an injury and their automatic consumption of dead cells. An adaptive response is a response learned during the lifetime of an organism, such as the production of specific antibodies from carefully maintained populations of B cells. The innate part of the HIS is akin to the misuse detector class of IDS. Similarities can also be drawn between the adaptive immune system and anomaly-based IDS. Both the innate HIS and misuse detectors have prior knowledge of attackers and detect them based on this knowledge. Similarly, both the adaptive immune system and anomaly detectors generate new detectors to find previously unknown attackers.
