Tunable immune detectors for behaviour-based network intrusion detection

  • Authors: Mário Antunes; Manuel E. Correia
  • Affiliations: School of Technology and Management, Polytechnic Institute of Leiria, Portugal and Center for Research in Advanced Computing Systems, Faculty of Science, University of Porto, Portugal; Center for Research in Advanced Computing Systems, Faculty of Science, University of Porto, Portugal
  • Venue: ICARIS'11 Proceedings of the 10th international conference on Artificial immune systems
  • Year: 2011

Abstract

Computer networks are highly dynamic environments in which the meaning of normal and anomalous behaviours can drift considerably over time. Behaviour-based Network Intrusion Detection Systems (NIDS) thus have to cope with the temporal normality drift intrinsic to computer networks, by adaptively tuning their level of response, in order to be able to distinguish harmful from harmless network traffic flows. In this paper we put forward the intrinsic ability of the Tunable Activation Threshold (TAT) theory to adaptively tolerate normal drifting network traffic flows. This is embodied in TAT-NIDS, a TAT-based Artificial Immune System (AIS) we have developed for network intrusion detection. We describe the generic AIS framework we have developed to assemble TAT-NIDS and present the results obtained thus far on processing real network traffic data sets. We also compare the performance obtained by TAT-NIDS with the well-known and widely deployed signature-based Snort network intrusion detection system.