Results 1 - 10 of 14
An artificial immune system architecture for computer security applications
- IEEE Transactions on Evolutionary Computation, 2002
Cited by 26 (3 self)
Abstract—With increased global interconnectivity, reliance on e-commerce, network services, and Internet communication, computer security has become a necessity. Organizations must protect their systems from intrusion and computer-virus attacks. Such protection must detect anomalous patterns by exploiting known signatures while monitoring normal computer programs and network usage for abnormalities. Current antivirus and network intrusion detection (ID) solutions can become overwhelmed by the burden of capturing and classifying new viral strains and intrusion patterns. To overcome this problem, a self-adaptive distributed agent-based defense immune system based on biological strategies is developed within a hierarchical layered architecture. A prototype interactive system is designed, implemented in Java, and tested. The results validate the use of a distributed-agent biological-system approach toward the computer-security problems of virus elimination and ID. Index Terms—Agents, artificial immune system, computer security, computer virus, intrusion detection.
Revisiting LISYS: Parameters and Normal Behavior
- Proceedings of the Congress on Evolutionary Computation, 2002
Cited by 22 (3 self)
This paper studies a simplified form of LISYS, an artificial immune system for network intrusion detection. The paper describes results based on a new, more controlled data set than that used for earlier studies. The paper also looks at which parameters appear most important for minimizing false positives, as well as the trade-offs and relationships among parameter settings.
Redundancy and Diversity in Security
- Computer Security – ESORICS 2004, 9th European Symposium on Research Computer Security, LNCS 3193, 2004
Cited by 19 (3 self)
Abstract. Redundancy and diversity are commonly applied principles for fault tolerance against accidental faults. Their use in security, which is attracting increasing interest, is less general and less of an accepted principle. In particular, redundancy without diversity is often argued to be useless against systematic attack, and diversity to be of dubious value. This paper discusses their roles and limits, and to what extent lessons from research on their use for reliability can be applied to security, in areas such as intrusion detection. We take a probabilistic approach to the problem, and argue its validity for security. We then discuss the various roles of redundancy and diversity for security, and show that some basic insights from probabilistic modelling in reliability and safety indeed apply to examples of design for security. We discuss the factors affecting the efficacy of redundancy and diversity, the role of “independence” between layers of defense, and some of the trade-offs facing designers.
Intrusion Detection Using an Ensemble of Intelligent Paradigms
- 2005
Cited by 15 (2 self)
Soft computing techniques are increasingly being used for problem solving. This paper addresses using an ensemble approach of different soft computing and hard computing techniques for intrusion detection. Due to increasing incidents of cyber attacks, building effective intrusion detection systems is essential for protecting information systems security, and yet it remains an elusive goal and a great challenge. We studied the performance of Artificial Neural Networks (ANNs), Support Vector Machines (SVMs) and Multivariate Adaptive Regression Splines (MARS). We show that an ensemble of ANNs, SVMs and MARS is superior to individual approaches for intrusion detection in terms of classification accuracy.
Extending the Computer Defense Immune System: Network Intrusion Detection With Multiobjective Evolutionary Programming Approach
- in ICARIS 2002: 1st International Conference on Artificial Immune Systems Conference Proceedings, 2002
Cited by 13 (0 self)
Attacks against computer networks are becoming more sophisticated, with adversaries using new attacks or modifying existing attacks. The research uses two types of multiobjective approaches, lexicographic and Pareto-based, in an evolutionary programming algorithm to develop a new method for detecting such attacks. This development extends the Computer Defense Immune System, an artificial immune system for virus and computer intrusion detection. The approach "vaccinates" the system by evolving antibodies as finite state transducers to detect attacks; this technique may allow the system to detect attacks with features similar to known attacks. Initial testing indicates that the algorithm performs satisfactorily in generating finite state transducers capable of detecting attacks.
An Intelligent Decision Support System for Intrusion Detection and Response
- in Lecture Notes in Computer Science, Proceedings of the International Workshop on Mathematical Methods, Models and Architectures for Computer Networks Security (MMM-ACNS, 2001
Cited by 11 (0 self)
The paper describes the design of a genetic classifier-based intrusion detection system, which can provide active detection and automated responses during intrusions. It is designed to be a sense and response system that can monitor various activities on the network (i.e. looks for changes such as malfunctions, faults, abnormalities, misuse, deviations, intrusions, etc.). In particular, it simultaneously monitors networked computer's activities at different levels (such as user level, system level, process level and packet level) and uses a genetic classifier system in order to determine a specific action in case of any security violation. The objective is to find correlation among the deviated values (from normal) of monitored parameters to determine the type of intrusion and to generate an action accordingly. We performed some experiments to evolve a set of decision rules based on the significance of monitored parameters in Unix environment, and tested for validation.
Immune System Approaches to Intrusion Detection - A Review
- Natural Computing, 2007
Cited by 8 (1 self)
The use of artificial immune systems in intrusion detection is an appealing concept for two reasons. Firstly, the human immune system provides the human body with a high level of protection from invading pathogens, in a robust, self-organised and distributed manner. Secondly, current techniques used in computer security are not able to cope with the dynamic and increasingly complex nature of computer systems and their security. It is hoped that biologically inspired approaches in this area, including the use of immune-based systems will be able to meet this challenge. Here we review the algorithms used, the development of the systems and the outcome of their implementation. We provide an introduction and analysis of the key developments within this field, in addition to making suggestions for future research.
Artificial Immune Systems: Part II - A Survey Of Applications
- 2000
Cited by 5 (0 self)
this report (De Castro & Von Zuben, 1999) is intended to present the basic theory and concepts necessary for the development of immune-based systems. It brings an instructive introduction to the mammal immune system and depicts its most relevant aspects from the viewpoint of engineering. Mechanisms like the clonal selection theory, the immune response along with its affinity maturation process and the immune network hypothesis are emphasized. A few computational algorithms were developed and applied to several different types of problems in order to demonstrate how principles gleaned from the immune system can and must be used in the design of engineering tools for solving complex tasks. In addition, it is introduced an emerging area of research, called immune engineering. The immune engineering is comprised of several strategies, like artificial immune systems, immune-based systems, immunogenetic approaches, etc., and is supposed to include any technique developed using ideas from immunology.
A machine learning evaluation of an artificial immune system
- Evolutionary Computation, 2005
Cited by 4 (1 self)
ARTIS is an artificial immune system framework which contains several adaptive mechanisms. LISYS is a version of ARTIS specialized for the problem of network intrusion detection. The adaptive mechanisms of LISYS are characterized in terms of their machine-learning counterparts, and a series of experiments is described, each of which isolates a different mechanism of LISYS and studies its contribution to the system’s overall performance. The experiments were conducted on a new data set, which is more recent and realistic than earlier data sets. The network intrusion detection problem is challenging because it requires one-class learning in an on-line setting with concept drift. The experiments confirm earlier experimental results with LISYS, and they study in detail how LISYS achieves success on the new data set.
Panel: The Future of Biologically-Inspired Security: Is There Anything Left to Learn?
Cited by 3 (1 self)
While biology has inspired much of the vocabulary in computer security, biologically-inspired security remains a controversial research strategy. This panel was convened to address the issue of biologically-inspired security by raising the question of whether there is anything left to learn. The discussion at NSPW touched on many issues, ranging from the nature of evolved and intelligent systems to whether anything in security works. The final consensus, however, was that while there may be promise in biologically-inspired defenses, we need to clarify our goals and develop better evaluation methodologies if we are to see further successes in such approaches.

