TAT-NIDS: An Immune-Based Anomaly Detection Architecture for Network Intrusion Detection

Antunes, Mário; Correia, Manuel

http://hdl.handle.net/10400.8/12772

Use this identifier to reference this record.

Name:	Description:	Size:	Format:
TAT-NIDS An immune-based anomaly detection architecture for network intrusion detection.pdf	One emergent, widely used metaphor and rich source of inspiration for computer security has been the vertebrate Immune System (IS). This is mainly due to its intrinsic nature of having to constantly protect the body against harm inflicted by external (non-self) harmful entities. The bridge between metaphor and the reality of new practical systems for anomaly detection is cemented by recent biological advancements and new proposed theories on the dynamics of immune cells by the field of theoretical immunology. In this paper we present a work in progress research on the deployment of an immune-inspired architecture, based on Grossman's Tunable Activation Threshold (TAT) hypothesis, for temporal anomaly detection, where there is a strict temporal ordering on the data, such as network intrusion detection. We start by briefly describing the overall architecture. Then, we present some preliminary results obtained in a production network. Finally, we conclude by presenting the main lines of research we intend to pursue in the near future. © 2009 Springer-Verlag Berlin Heidelberg.	6.3 MB	Adobe PDF	Download

Send Feedback

Authors

Antunes, Mário

Correia, Manuel

Antunes, Mário

Abstract(s)

One emergent, widely used metaphor and rich source of inspiration for computer security has been the vertebrate Immune System (IS). This is mainly due to its intrinsic nature of having to constantly protect the body against harm inflicted by external (non-self) harmful entities. The bridge between metaphor and the reality of new practical systems for anomaly detection is cemented by recent biological advancements and new proposed theories on the dynamics of immune cells by the field of theoretical immunology. In this paper we present a work in progress research on the deployment of an immune-inspired architecture, based on Grossman's Tunable Activation Threshold (TAT) hypothesis, for temporal anomaly detection, where there is a strict temporal ordering on the data, such as network intrusion detection. We start by briefly describing the overall architecture. Then, we present some preliminary results obtained in a production network. Finally, we conclude by presenting the main lines of research we intend to pursue in the near future.

Description

2nd International Workshop on Practical Applications of Computational Biology and Bioinformatics (IWPACBB 2008)

Keywords

artificial immune system tunable activation threshold network intrusion detection anomaly detection

URI

http://hdl.handle.net/10400.8/12772

Citation

Antunes, M., Correia, M. (2009). TAT-NIDS: An Immune-Based Anomaly Detection Architecture for Network Intrusion Detection. In: Corchado, J.M., De Paz, J.F., Rocha, M.P., Fernández Riverola, F. (eds) 2nd International Workshop on Practical Applications of Computational Biology and Bioinformatics (IWPACBB 2008). Advances in Soft Computing, vol 49. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-85861-4_8.