Natural immune systems protect animals from dangerous foreign pathogens, including bacteria, viruses, parasites, and toxins. Their role in the body is analogous to that of computer security systems in computing. Although there are many differences between living organisms and computer systems, this article argues that the similarities are compelling and could point the way to improved computer security. Improvements can be achieved by designing computer immune systems that have some of the important properties illustrated by natural immune systems. These include multi-layered protection, highly distributed detection and memory systems, diversity of detection ability across individuals, inexact matching strategies, and sensitivity to most new foreign patterns. We first give an overview of how the immune system relates to computer security. We then illustrate these ideas with two examples.

Over the last decade, a new idea challenging the classical self-non-self viewpoint has become popular amongst immunologists. It is called the Danger Theory. In this conceptual paper, we look at this theory from the perspective of Artificial Immune System practitioners. An overview of the Danger Theory is presented with particular emphasis on analogies in the Artificial Immune Systems world. A number of potential application areas are then used to provide a framing for a critical assessment of the concept, and its relevance for Artificial Immune Systems.

Embedding malcode within documents provides a convenient means of penetrating systems which may be unreachable by network-level service attacks. Such attacks can be very targeted and difficult to detect compared to the typical network worm threat due to the multitude of document-exchange vectors. Detecting malcode embedded in a document is difficult owing to the complexity of modern document formats that provide ample opportunity to embed code in a myriad of ways. We focus on Microsoft Word documents as malcode carriers as a case study in this paper. We introduce a hybrid system that integrates static and dynamic techniques to detect the presence and location of malware embedded in documents. The system is designed to automatically update its detection models to improve accuracy over time. The overall hybrid detection system with a learning feedback loop is demonstrated to achieve a 99.27% detection rate and 3.16 % false positive rate on a corpus of 6228 Word documents. 1.

With the increased use of networked computers for critical systems, network security is attracting increasing attention and computer network intrusions have become a significant threat to communication and computer networks in recent years. The models developed in this thesis represent the first step in modelling of network attacks. The thesis demonstrates that models that represent network attacks can be developed and used for both detection and classification. In this thesis we put emphasis on detection and classification of network intrusions and attacks using Hidden Markov Models and training on anomalous sequences. We test several algorithms, apply different rules for classification and evaluate the relative performance of these. We put emphasis on one particular classification algorithm that is not dependent on data set properties. Several of the attack examples presented exploit buffer overflow vulnerabilities, due to availability of data for such attacks. We demonstrate that models for other attacks can be built following our methods but could not be tested due to lack of data. The new method proposed in this thesis is highly efficient and captures char-acteristic features of attacks in short period of time using very low number of sequences.

Over the last decade, a new idea challenging the classical self-non-self viewpoint has become popular amongst immunologists. It is called the Danger Theory. In this conceptual paper, we look at this theory from the perspective of Artificial Immune System practitioners. An overview of the Danger Theory is presented with particular emphasis on analogies in the Artificial Immune Systems world. A number of potential application areas are then used to provide a framing for a critical assessment of the concept, and its relevance for Artificial Immune Systems.

This article appeared in a journal published by Elsevier. The attached copy is furnished to the author for internal non-commercial research and education use, including for instruction at the authors institution and sharing with colleagues. Other uses, including reproduction and distribution, or selling or licensing copies, or posting to personal, institutional or third party websites are prohibited. In most cases authors are permitted to post their version of the article (e.g. in Word or Tex form) to their personal website or institutional repository. Authors requiring further information regarding Elsevier’s archiving and manuscript policies are encouraged to visit:

Abstract-How can one effectively exploit the adaptive and distributed information processing characteristics of the immune system for the purposes of computation and engineering problem domains? The field focused on this problem is artificial immune systems, and this work provides a novel hierarchical framework as to how such work, may proceed from at least three similar, although distinct directions.