The use of artificial immune systems in intrusion detection is an appealing concept for two reasons. Firstly, the human immune system provides the human body with a high level of protection from invading pathogens, in a robust, self-organised and distributed manner. Secondly, current techniques used in computer security are not able to cope with the dynamic and increasingly complex nature of computer systems and their security. It is hoped that biologically inspired approaches in this area, including the use of immune-based systems will be able to meet this challenge. Here we collate the algorithms used, the development of the systems and the outcome of their implementation. It provides an introduction and review of the key developments within this field, in addition to making suggestions for future research.

LISYS is an artificial immune system framework which is specialized for the problem of network intrusion detection. LISYS learns to detect abnormal packets by observing normal network tra#c. Because LISYS sees only a partial sample of normal tra#c, it must generalize from its observations in order to characterize normal behavior correctly. A variation of the r-contiguous bits matching rule is introduced, and its e#ect on coverage and generalization is studied. The e#ect of representation diversity on coverage and generalization is also explored by studying permutations in the order of bits in the representation.

journal homepage: www.elsevier.com/locate/asoc

artificial immune system. This document reviews recent efforts in the area of Artificial immune systems (AIS) and their applications for (ad hoc) wireless networks. It presents basic mechanism of Human immune systems, introduces the reader to the learning paradigms of AIS, sums up misbehavior in ad hoc wireless networks and discusses pros and cons of AIS in increasing robustness of ad hoc wireless networks against misbehavior.

The use of artificial immune systems in intrusion detection is an appealing concept for two reasons. Firstly, the human immune system provides the human body with a high level of protection from invading pathogens, in a robust, self-organised and distributed manner. Secondly, current techniques used in computer security are not able to cope with the dynamic and increasingly complex nature of computer systems and their security. It is hoped that biologically inspired approaches in this area, including the use of immune-based systems will be able to meet this challenge. Here we review the algorithms used, the development of the systems and the outcome of their implementation. We provide an introduction and analysis of the key developments within this field, in addition to making suggestions for future research.

Abstract — Sensor networks are a flavor of ad hoc wireless networks with limited computational capabilities. The task to protect such networks against misbehavior is therefore more complicated as any detection mechanism has to be simple and efficient. We employed mechanisms based on Artificial immune systems (AIS) in order to detect misbehavior. We conclude that AIS based misbehavior detection offers a decent detection performance at a very low computational cost. We show that misbehavior detection when applied at both the MAC and network layers may still not be sufficient, instead it will be necessary to extend it to layers with end-to-end connection information; this would also allow for classifying misbehavior by its potential to cause harm. These results have a direct impact on the design of AIS for sensor networks and on engineering of sensor networks. I.

Intrusion detection is a key technology for self-healing systems designed to prevent or manage damage caused by security threats. Protecting web server-based applications using intrusion detection is challenging, especially when autonomy is required (i.e., without signature updates or extensive administrative overhead). Web applications are difficult to protect because they are large, complex, highly customized, and often created by programmers with little security background. Anomaly-based intrusion detection has been proposed as a strategy to meet these requirements. This paper describes how DFA induction can be used to detect malicious web requests. The method is used in combination with rules for reducing variability among requests and heuristics for filtering and grouping anomalies. With this setup a wide variety of attacks is detectable with few false positives, even when the system is trained on data containing benign attacks (e.g., attacks that fail against properly patched servers).

ARTIS is an artificial immune system framework which contains several adaptive mechanisms. LISYS is a version of ARTIS specialized for the problem of network intrusion detection. The adaptive mechanisms of LISYS are characterized in terms of their machine-learning counterparts, and a series of experiments is described, each of which isolates a different mechanism of LISYS and studies its contribution to the system’s overall performance. The experiments were conducted on a new data set, which is more recent and realistic than earlier data sets. The network intrusion detection problem is challenging because it requires one-class learning in an on-line setting with concept drift. The experiments confirm earlier experimental results with LISYS, and they study in detail how LISYS achieves success on the new data set.

Abstract — A sensor network is a collection of wireless devices that are able to monitor physical or environmental conditions. These devices are expected to operate autonomously, be battery powered and have very limited computational capabilities. This makes the task of protecting a sensor network against misbehavior or possible malfunction a challenging problem. In this document we discuss performance of Artificial immune systems (AIS) when used as the mechanism for detecting misbehavior. We concentrate on performance of respective genes; genes are necessary to measure a network’s performance from a sensor’s viewpoint. We conclude that the choice of genes has a profound influence on the performance of the AIS. We identified a specific MAC layer based gene that showed to be especially useful for detection. We also discuss implementation details of AIS when used with sensor networks. I.

Abstract — We investigate the influence of the network traffic payload, using 50 concurrent connections, with a Poisson distributed packet injection model, on the detection performance of our Artificial Immune System (AIS). We compare the detection performance to priorly gained results which were based on a smaller scenario. We conclude that the Poisson traffic model had again no negative impact on the detection performance. We also conclude that a higher network payload has no negative impact on the detection performance. Additionally a statistically significant difference in the detection performance between CBR and Poisson could be observed for a high network payload.