Communications of the ACM
Artificial Immune Systems: A New Computational Intelligence Paradigm
Artificial Immune Systems: A New Computational Intelligence Paradigm
Immunocomputing: Principles and Applications
Immunocomputing: Principles and Applications
Self-Nonself Discrimination in a Computer
SP '94 Proceedings of the 1994 IEEE Symposium on Security and Privacy
An Immunological Approach to Change Detection: Algorithms, Analysis and Implications
SP '96 Proceedings of the 1996 IEEE Symposium on Security and Privacy
A Sense of Self for Unix Processes
SP '96 Proceedings of the 1996 IEEE Symposium on Security and Privacy
Architecture for an Artificial Immune System
Evolutionary Computation
Artificial Immune System Based Robot Anomaly Detection Engine for Fault Tolerant Robots
ATC '08 Proceedings of the 5th international conference on Autonomic and Trusted Computing
A Type-2 Fuzzy Set Recognition Algorithm for Artificial Immune Systems
HAIS '08 Proceedings of the 3rd international workshop on Hybrid Artificial Intelligence Systems
An immunological approach for file recovery over JXTA peer-to-peer framework
International Journal of Network Management
Artificial immune system based on interval type-2 fuzzy set paradigm
Applied Soft Computing
Profiling network attacks via AIS
WIRN'05 Proceedings of the 16th Italian conference on Neural Nets
Hi-index | 0.00 |
This paper presents design, implementation, and testing of NAIS, an artificial immune system for the protection of computer networks. Inspired by the biological innate immune system, NAIS consists of a collection of digital macrophages that scan the network for dangerous non-self processes, and kill them. NAIS is based on the observation that all significant network attacks are preceded by preparatory small-scale intrusions meant to gather the necessary information --- information on servers and operating systems, logins, weak passwords, ill-installed or poorly maintained services, etc. This information is used to bypass the network's defense barriers --- access controls, firewalls --- and to gain access to the machine before it is attacked. Such preparatory intrusions do not generate new processes, however the subsequent, actual intrusion will. Such processes will be recognized as non-self by the digital macrophages run by NAIS, and killed right away, thus defusing the attack. Telling illegal new processes from legal ones is a difficult matter, and amounts to providing a strong definition of non-self process. Our testing of NAIS proved our definition to be quite effective in protecting networks of one-service computers.