A Biologically Motivated Computational Architecture Inspired in the Human Immunological System to Quantify Abnormal Behaviors to Detect Presence of Intruders
This article presents an intruder detection model that uses an agent-based architecture imitating the principal aspects of the immunological system, such as the detection and elimination of antigens in the human body. The model rests on the hypothesis that an intruder is a foreign element in the system, so mechanisms can exist that detect its presence. We use intruder-recognizer agents (Lymphocytes-B) for that goal and macrophage agents (Lymphocytes-T) for alerting and reacting actions.
The core of the system is the recognition of abnormal patterns of conduct by agents (Lymphocytes-B), which recognize anomalies in the behavior of the user through a catalogue of metrics that allows us to quantify the conduct of the user according to measures of behavior; we then apply statistical and data mining techniques to classify the user's conduct as intruder or normal behavior. Our experiments suggest that both methods are complementary for this purpose. In practice, this approach was very flexible and customizable to the needs of any particular system.
Keywords: False Alarm; False Alarm Rate; Intrusion Detection; Normal User; Authentication Server