Chapter

Distributed, Parallel and Biologically Inspired Systems

Volume 329 of the series IFIP Advances in Information and Communication Technology pp 242-253

Novelty-Aware Attack Recognition – Intrusion Detection with Organic Computing Techniques

  • Dominik Fisch, affiliated with Computationally Intelligent Systems Lab, University of Passau
  • Ferdinand Kastl, affiliated with Computationally Intelligent Systems Lab, University of Passau
  • Bernhard Sick, affiliated with Computationally Intelligent Systems Lab, University of Passau

Abstract

A typical task of intrusion detection systems is to detect known kinds of attacks by analyzing network traffic. In this article, we will take a step forward and enable such a system to recognize very new kinds of attacks by means of novelty-awareness mechanisms. That is, an intrusion detection system will be able to recognize deficits in its own knowledge and to react accordingly. It will present a learned rule premise to the system administrator which will then be labeled, i.e., extended by an appropriate conclusion. In this article, we present new techniques for novelty-aware attack recognition based on probabilistic rule modeling techniques and demonstrate how these techniques can successfully be applied to intrusion benchmark data. The proposed novelty-awareness techniques may also be used in other application fields by intelligent technical systems (e.g., organic computing systems) to resolve problems with knowledge deficits in a self-organizing way.