Towards an immunity-based anomaly detection system for network traffic

Authors:
Takeshi Okamoto;Yoshiteru Ishida
Affiliations:
Department of Information Network and Communication, Kanagawa Institute of Technology, 1030, Shimo-ogino, Atsugi, Kanagawa 243-0292, Japan;Department of Knowledge-Based Information Engineering, Toyohashi University of Technology, 1-1, Tempaku, Toyohashi, Aichi 441-8580, Japan
Venue:
International Journal of Knowledge-based and Intelligent Engineering Systems
Year:
2011

Citing 13
Cited 0

Fundamentals of speech recognition

Fundamentals of speech recognition
Detecting masquerades in intrusion detection based on unpopular commands

Information Processing Letters
Code-Red: a case study on the spread and victims of an internet worm

Proceedings of the 2nd ACM SIGCOMM Workshop on Internet measurment
CDIS: Towards a Computer Immune System for Detecting Network Intrusions

RAID '00 Proceedings of the 4th International Symposium on Recent Advances in Intrusion Detection
Throttling Viruses: Restricting propagation to defeat malicious mobile code

ACSAC '02 Proceedings of the 18th Annual Computer Security Applications Conference
A taxonomy of computer worms

Proceedings of the 2003 ACM workshop on Rapid malcode
Probabilistic anomaly detection in distributed computer networks

Science of Computer Programming
Implementing and testing a virus throttle

SSYM'03 Proceedings of the 12th conference on USENIX Security Symposium - Volume 12
Immune system approaches to intrusion detection --- a review

Natural Computing: an international journal
Sensing danger: Innate immunology for intrusion detection

Information Security Tech. Report
Network patterns in cfengine and scalable data aggregation

LISA'07 Proceedings of the 21st conference on Large Installation System Administration Conference
A sense of self for Unix processes

SP'96 Proceedings of the 1996 IEEE conference on Security and privacy
A worm filter based on the number of unacknowledged requests

KES'05 Proceedings of the 9th international conference on Knowledge-Based Intelligent Information and Engineering Systems - Volume Part II

Quantified Score

Hi-index	0.00

Visualization

Abstract

This paper proposes an immunity-based anomaly detection system for network traffic. The system is inspired by the specificity and diversity of the immune system; the system has a user-specific agent for every user, and diverse agents make a decision whether network traffic is normal or abnormal. The system makes use of multiple user profiles, which account for normal user traffic, while conventional anomaly detections have used only the single user profile. The use of multiple profiles leads to an improvement in detection accuracy. In addition, this paper proposes an evaluation framework for the immunity-based anomaly detection system. The evaluation framework is capable of evaluating the differences in detection accuracy between internal and external anomalies. In experiments, the immunity-based method outperformed the conventional method. For internal masquerader detection, the average false acceptance rate was 11.21% with no false alarms. For virus detection, four random-scanning worms and the simulated metaserver worm were detected with no false acceptances and no false alarms, while a simulated passive worm was successfully detected on some of accounts.