Communications of the ACM
Validation of Sensor Alert Correlators
IEEE Security and Privacy
A Sense of Self for Unix Processes
SP '96 Proceedings of the 1996 IEEE Symposium on Security and Privacy
An immunological model of distributed detection and its application to computer security
An immunological model of distributed detection and its application to computer security
Architecture for an Artificial Immune System
Evolutionary Computation
Automated response using system-call delays
SSYM'00 Proceedings of the 9th conference on USENIX Security Symposium - Volume 9
A Network IDS with low false positive rate
CEC '02 Proceedings of the Evolutionary Computation on 2002. CEC '02. Proceedings of the 2002 Congress - Volume 02
Intrusion detection techniques and approaches
Computer Communications
Hi-index | 0.00 |
Intrusion detection systems (IDS) perform an important role in the provision of network security, providing real- time notification of attacks in progress. One promising category of IDS attempts to incorporate into its design properties found in the natural immune system. Although previous attempts to apply immunology to intrusion detection have considered the issue of accuracy, more work still needs to be done. We present an immunologically-inspired intrusion detection model in which the false positive rate is moderated through a process of event correlation between multiple sensors. In addition, the model offers a novel response mechanism. Previous research has flirted with a variety of response mechanisms, including those that are capable of tearing down connections, killing processes and dynamically updating firewall rules. Although such mechanisms may prevent or at least mitigate an attack before its full impact is achieved, they work against the collection of information for investigatory or evidence purposes. To overcome this limitation, a response strategy is proposed in which the attack is dynamically redirected to an isolated host deployed as a honeypot. In this way, it becomes possible to mitigate the effects of the attack while at the same time study the attack itself.