The use of artificial immune systems in intrusion detection is an appealing concept for two reasons. Firstly, the human immune system provides the human body with a high level of protection from invading pathogens, in a robust, self-organised and distributed manner. Secondly, current techniques used in computer security are not able to cope with the dynamic and increasingly complex nature of computer systems and their security. It is hoped that biologically inspired approaches in this area, including the use of immune-based systems will be able to meet this challenge. Here we collate the algorithms used, the development of the systems and the outcome of their implementation. It provides an introduction and review of the key developments within this field, in addition to making suggestions for future research.

This paper describes necessary elements for constructing theoretical models of network and system administration. Armed with a theoretical model it becomes possible to determine best practices and optimal strategies in a way which objectively relates policies and assumptions to results obtained. It is concluded that a mixture of automation and human, or other intelligent incursion is required to fully implement system policy with current technology. Some aspects of the author’s immunity model for automated system administration are explained, as an example. A theoretical framework makes the prediction that the optimal balance between resource availability and garbage collection strategies is encompassed by the immunity model. 1

The field of Artificial Immune Systems (AIS) concerns the study and development of computationally interesting abstractions of the immune system. This survey tracks the development of AIS since its inception, and then attempts to make an assessment of its usefulness, defined in terms of ‘distinctiveness ’ and ‘effectiveness. ’ In this paper, the standard types of AIS are examined—Negative Selection, Clonal Selection and Immune Networks—as well as a new breed of AIS, based on the immunological ‘danger theory. ’ The paper concludes that all types of AIS largely satisfy the criteria outlined for being useful, but only two types of AIS satisfy both criteria with any certainty.

This thesis explores the design and application of artificial immune systems (AISs), problem-solving systems inspired by the human and other immune systems. AISs to date have largely been modelled on the biological adaptive immune system and have taken little inspiration from the innate immune system. The first part of this thesis examines the biological innate immune system, which controls the adaptive immune system. The importance of the innate immune system suggests that AISs should also incorporate models of the innate immune system as well as the adaptive immune system. This thesis presents and discusses a number of design principles for AISs which are modelled on both innate and adaptive immunity. These novel design principles provided a structured framework for developing AISs which incorporate innate and adaptive immune systems in general. These design principles are used to build a software system which allows such AISs to be implemented and explored.

This paper describes the automatic installation and configuration system currently being used to manage several hundred Linux machines in the Division of Informatics at Edinburgh University. This is a development of the LCFG system which has been used successfully for several years under Solaris. The introduction provides some background on the general problem of large-scale configuration, together with a short comparison of typical solutions, and a brief description of the original LCFG system. The specific changes required to support Linux are then discussed; in particular, the issues of installation bootstrapping, and the updaterpms program. This automatically synchronises client software packages with a specification in the central database. We describe how the system is used in practice, and how it enables us to automatically maintain large numbers of machines with very diverse and evolving configurations. Some future plans are then discussed, including a major reworking of the LCFG implementation, LDAP integration, and our intention to make the technology more widely available. 1

The automation of system administration tasks requires a notion of convergence towards a stable state. Some simple models for such convergence with feedback, utilizing the system administration robot cfengine, are examined. Statistical analysis of computer systems can provide information which may be used to regulate the way in which they are used in the future without the need for excessive human intervention. @ 1998 John Wiley & Sous, Ltd. KEY WORDS: feedback regulation automatic system administration

The use of artificial immune systems in intrusion detection is an appealing concept for two reasons. Firstly, the human immune system provides the human body with a high level of protection from invading pathogens, in a robust, self-organised and distributed manner. Secondly, current techniques used in computer security are not able to cope with the dynamic and increasingly complex nature of computer systems and their security. It is hoped that biologically inspired approaches in this area, including the use of immune-based systems will be able to meet this challenge. Here we review the algorithms used, the development of the systems and the outcome of their implementation. We provide an introduction and analysis of the key developments within this field, in addition to making suggestions for future research.

The immunity model, as used in the GNU cfengine project, is a distributed framework for performing policy conformant system administration, used on hundreds of thousands of Unix-like and Windows systems.

Correlations between locally averaged host observations, at different times and places, hint at information about the associations between the hosts in a network. These smoothed, pseudo-continuous time-series imply relationships with entities in the wider environment. For anomaly detection, mining this information might provide a valuable source of observational experience for determining comparative anomalies or rejecting false anomalies. The di#culties with distributed analysis lie in collating the distributed data and in comparing observables on di#erent hosts, in di#erent frames of reference. In the present work, we examine two methods (Principle Component Analysis and Eigenvector Centrality) that shed light on the usefulness of comparing data destined for di#erent locations in a network.

Abstract. Within immunology, new theories are constantly being proposed that challenge current ways of thinking. These include new theories regarding how the immune system responds to pathogenic material. This conceptual paper takes one relatively new such theory: the Danger theory, and explores the relevance of this theory to the application domain of web mining. Central to the idea of Danger theory is that of a context dependant response to invading pathogens. This paper argues that this context dependency could be utilised as powerful metaphor for applications in web mining. An illustrative example adaptive mailbox filter is presented that exploits properties of the immune system, including the Danger theory. This is essentially a dynamical classification task: a task that this paper argues is well suited to the field of artificial immune systems, particularly when drawing inspiration from the Danger theory. 1