CDIS: Towards a Computer Immune System for Detecting Network Intrusions

  • Conference paper
Recent Advances in Intrusion Detection (RAID 2001)

Part of the book series: Lecture Notes in Computer Science (LNCS, volume 2212)

Abstract

Intrusion/misuse detection is the top information assurance priority of both the national interagency INFOSEC Research Council and the Office of the Assistant Secretary of Defense. Traditional IDSs are effective at detecting known attacks; however, developing truly proactive defensive systems remains an open problem. This research investigates the feasibility of using evolutionary search techniques, in the context of a computer immune system, to detect computer network intrusions, with particular emphasis on developing techniques for catching new attacks. The system provided very low false-negative and false-positive error rates during initial experimentation.

The material reported herein is based primarily on the first author’s thesis submitted in partial fulfillment of the requirements for the Master of Science degree at the Air Force Institute of Technology, Wright-Patterson AFB, OH, March 2001. The views expressed in this article are those of the authors and do not reflect the official policy or position of the United States Air Force, Department of Defense, or the U.S. Government.



Copyright information

© 2001 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Williams, P.D., Anchor, K.P., Bebo, J.L., Gunsch, G.H., Lamont, G.D. (2001). CDIS: Towards a Computer Immune System for Detecting Network Intrusions. In: Lee, W., Mé, L., Wespi, A. (eds) Recent Advances in Intrusion Detection. RAID 2001. Lecture Notes in Computer Science, vol 2212. Springer, Berlin, Heidelberg. https://doi.org/10.1007/3-540-45474-8_8

  • DOI: https://doi.org/10.1007/3-540-45474-8_8

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-42702-5

  • Online ISBN: 978-3-540-45474-8

  • eBook Packages: Springer Book Archive
