Abstract
This study focused on an artificial immunity-enhancing module for high-availability servers against cyberattacks on the internet. Similar to the human immune system, an artificial immunity-enhancing module consists of innate and adaptive immune functions. The innate immune function detects cyberattacks on a known or unknown vulnerability of a server application, although this function causes to restart the server application to recover its execution control. The adaptive immune function adaptively learns the cyberattacks detected by the innate immune function using a random forest classifier. In addition, the adaptive immune function prevents subsequent cyberattacks without restarting the server application before the innate immune function detects the cyberattacks. Performance tests showed that the detection accuracy of a prototype was 92.16%, achieving a true negative rate of 99.13% by adaptively acquiring immunity against cyberattacks. Moreover, the overhead of the prototype had little effect on the performance of the server application.
This is a preview of subscription content, log in via an institution to check access.
Similar content being viewed by others
References
Microsoft (2016) Enhanced mitigation experience Toolkit 5.5 User Guide. http://www.microsoft.com/en-us/download/confirmation.aspx?id=50802. Accessed 16 Jun 2016
Fratrić I (2012) ROPGuard: runtime prevention of return-oriented programming attacks. https://www.ieee.hr/_download/repository/Ivan_Fratric.pdf. Accessed 13 Feb 2017
Okamoto T (2015) SecondDEP: resilient computing that prevents shellcode execution in cyber-attacks. Proc Comput Sci 60:691–669
Buczak AL, Guven E (2016) A survey of data mining and machine learning methods for cyber security intrusion detection. IEEE Commun Surv Tutor 18(2):1153–1176
Lin WC, Ke SW et al (2015) CANN: An intrusion detection system based on combining cluster centers and nearest neighbors. Knowl Based Syst 78:13–21
Ashfaq RAR, Wang XZ et al (2017) Fuzziness based semi-supervised learning approach for intrusion detection system. Inf Sci 378:484–497
Forrest S, Hofmeyr SA et al (1996) A sense of self for unix processes. In: Proceedings of the IEEE Symposium on security and privacy. pp 120–128
Mohammadi M, Akbari A et al (2014) A fast anomaly detection system using probabilistic artificial immune algorithm capable of learning new attacks. Evol Intel 6(3):135–156
Tarao M, Okamoto T (2016) Toward an artificial immune server against cyber attacks: enhancement of protection against DoS attacks. Proc Comput Sci 96:1137–1146
Cheng Y, Zhou Z, Miao Y, Deng H (2014) ROPecker: A generic and practical approach for defending against ROP attack. In: Proceedings of the 21st annual network and distributed system security symposium
Okamoto T, Tarao M (2016) ROPGuard bypass prevention method using last branch recording facilities. IPSJ J 57(9):1933–1943
Jesse K (2006) Identifying almost identical files using context triggered piecewise hashing. Digit Investig 3:91–97
Wright MN, Ziegler A (2016) Ranger: a fast implementation of random forests for high dimensional data in C++ and R. J Stat Softw. http://arxiv.org/abs/15088.04409. Accessed 13 Feb 2017
Author information
Authors and Affiliations
Corresponding author
About this article
Cite this article
Okamoto, T., Tarao, M. An artificial immunity-enhancing module for internet servers against cyberattacks. Artif Life Robotics 23, 292–297 (2018). https://doi.org/10.1007/s10015-018-0426-1
Received:
Accepted:
Published:
Issue Date:
DOI: https://doi.org/10.1007/s10015-018-0426-1