A spontaneous content based filtering approach for network security
ICNVS'10 Proceedings of the 12th international conference on Networking, VLSI and signal processing
Hi-index | 0.00 |
Current approaches to intrusion detection are generally based on the observation of only one source of information such as network traffic, system calls, resource usage etc. However, we would get a more precise conclusion about the incident of intrusion if we used the entire available information. We are going to present an approach to an Intrusion Prevention System (IPS) which is inspired by the Danger Theory of immunology and tries to solve this problem by analyzing more sources of information. In this paper we will show how to link the entities which participate in the interactions described by this theory with components of the operating system for synthesizing of IPS. We'll also introduce a technique inspired by the clonal selection mechanism of the human immune system which links the anomaly behavior of system processes with received network traffic and can generate new signatures of network intrusions on the fly.