2010 International Conference on Intelligent Networking and Collaborative Systems

Survey on Artificial Immune System as a Bio-Inspired Technique for Anomaly Based Intrusion Detection Systems

Farhoud Hosseinpour, Kamalrulnizam Abu Bakar
Faculty of Computer Science and Information System, University of Technology Malaysia, 54100 Kuala Lumpur, Malaysia

Amir Hatami Hardoroudi, Nazaninsadat Kazazi
Advanced Informatics School (AIS), University of Technology Malaysia, 54100 Kuala Lumpur, Malaysia

978-0-7695-4278-2/10 $26.00 © 2010 IEEE DOI 10.1109/INCOS.2010.40

Abstract— Over the last few years, the need to protect computer networks from the outside world has become evident. Connecting computer networks to the worldwide Internet exposes them to many kinds of cybercrime. Intrusion detection systems have become an ordinary component of network security infrastructure. With mounting global network connectivity, the issue of intrusion has gained importance, promoting active research on efficient Intrusion Detection Systems (IDS). Artificial Immune System (AIS) is a new bio-inspired model that is applied to solving various problems in the field of information security. The unique features of AIS encourage researchers to employ this technique in a variety of applications, especially in intrusion detection systems. This paper presents a survey of current Artificial Immune System based intrusion detection systems.

Keywords- AIS; IDS; Danger Theory

I. INTRODUCTION

Artificial Immune System (AIS) is a new bio-inspired model that is applied to solving various problems in the field of information security. AIS is defined as [3] “Adaptive systems, inspired by theoretical immunology and observed immune functions, principles and models, which are applied to problem solving.” Akin to other bio-inspired models such as genetic algorithms, neural networks, evolutionary algorithms and swarm intelligence [1], AIS is inspired by the human immune system (HIS), a system of structures in the human body that distinguishes foreign pathogens and cells from the body's own cells and protects the body against disease [2]. Its unique features of dynamism, diversity, distribution, parallel management, self-organization, self-learning and self-adaptation [4],[7] encourage researchers to employ this technique in a variety of applications. One basic and significant feature of AIS is self and non-self discrimination [6],[7], which makes it a precise technique for anomaly detection in intrusion detection systems. Like the HIS, which protects the human body against foreign pathogens, AIS suggests a multilayered protection structure [9],[10] for protecting computer networks against attacks. Consequently, network security researchers have focused on utilizing and optimizing it in the new generation of IDS.

The rest of the paper is organized as follows. Section 2 presents a brief history of AIS, Section 3 reviews the related work, and Section 4 concludes.

II. HISTORY

In recent years, researchers have favoured the artificial immune system as a basis for building Intrusion Detection Systems. Although this idea has not been completely applied to current IDSes, a lot of effort has been made to develop it. The first theoretical study on artificial immunology was conducted by Farmer et al. [5] in 1986. They put forward a new link [1] between biological and computing science. Forrest et al. [6] in 1994 proposed the most effective idea for using immunity in computer security: self and non-self discrimination. Following this work, they presented a basic architecture [7] for an artificial immune system and used it to deploy the first AIS based IDS, called LISYS. Matzinger [8] in 2002 applied the danger theory as an alternative approach for the sense of self in AIS. In addition to the work of the AIS pioneers, over the past ten years there has been a lot of work on applying AIS in computer security and utilizing it in intrusion detection systems.

III. RELATED WORK

Several authors have presented different frameworks for using AIS in intrusion detection systems. There are essentially two approaches to applying AIS. One approach is classical self/non-self discrimination; the other is the application of danger theory as a substitute for it.

A. Self/non-Self Discrimination

The artificial immune system has the capability to differentiate between the self space (the cells that are owned by the system) and the non-self space (entities foreign to the system). This capability is provided by T-cells, which are a set of non-self reactive detectors. The Negative Selection algorithm, proposed by Forrest [6], presents a framework for discriminating between self and non-self entities. In this algorithm, a set of detectors is first produced and then compared with a set of normal samples (self) to make sure that none of the detectors reacts to self data. If any of the detectors matches any self entity, the system eliminates it, and the remaining detectors are kept [6].

Hofmeyr and Forrest [7] developed the first lightweight intrusion detection system (LISYS) based on AIS. They believe that “unlike the other immunology’s rhetorical model AIS are typically constructed as agent-based models (ABM).” LISYS is a network IDS that utilizes the negative selection algorithm. In this IDS, TCP connections are inspected and categorized as normal or anomalous. For self and non-self discrimination in AIS, they simulate the chemical bonds formed between protein chains as fixed-length binary strings.

Kannadiga and Zulkernine [11] utilized mobile agents to develop a distributed IDS. This innovation reduces network bandwidth usage by migrating the detectors and computational entities to each suspected host. Tan et al. [10] proposed a multi-layered structure consisting of detection, defense and user layers. Divyata Dal et al. [12] developed an IDS that uses a genetic algorithm to evolve the detectors, forming the primary immune response that generates the memory cells. They tried to improve on Forrest and Hofmeyr's work by applying a genetic algorithm to enhance the secondary immune response of the AIS without human involvement. Their proposed model was basically a centralized network based IDS with anomaly detection capability. This work has the disadvantage of centralized processing of every packet passing through the network. In this paper we proposed a distributed multi-layered framework to enhance the detection performance and efficiency of this IDS.

B. Danger Theory

As a substitute for self/non-self discrimination, the Danger Model was proposed by Matzinger [8]. According to this hypothesis, the main cause of an immune response is that a pathogen harms the system and is thus dangerous, not that it is unknown to the system. The Danger Model works on the premise that the main director of the immune system is the body's tissues and not the immune cells. Distressed tissues release chemical danger signals to rouse the immune response, whereas healthy tissues release calming or self signals, which provide tolerance for the immune system [13]. The idea of using the Danger Theory model to construct the next generation of artificial immune system based IDS was proposed by Aickelin et al. [14]. They stated that in the IDS paradigm, the danger is sensed and measured automatically after some number of intrusions, because of the damage caused by the attack. Once a danger signal is detected, it is transmitted to the nearest artificial antigens around the danger area. Fu et al. [9] proposed a four-layer model based on DT and AIS: “Danger sense layer (DSL), danger computing layer (MCL), immune response layer (IRL) and spot disposal layer (SDL)”. In this model each layer works independently while cooperating with the other layers.

IV. CONCLUSION

The computer world and the Internet are growing in both size and complexity. They are a means of exchanging data and an optimal place for e-business. On the other hand, they have also become a means of attacking users and hosts. Recently, computer security researchers have paid more attention to Artificial Immune System as a new hotspot of biologically inspired computational intelligence. AIS is a new bio-inspired model that is applied to solving various problems in the field of information security. Recently AIS has been applied to anomaly based intrusion detection in computer networks.
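The negative selection procedure from the Self/non-Self Discrimination section (produce detectors, eliminate any that match self, monitor with the rest) is sketched below as an added example; it is not code from the paper or from LISYS. The 12-bit connection encoding, the sample connections and the r-contiguous-bits matching rule with R = 7 are assumptions made for illustration.

```python
import itertools
import random

BITS = 12  # string length; constructed for this example, not a value from the paper
R = 7      # assumed rule: a match is R or more contiguous equal bits

def encode(client, server, service):
    """Pack a connection (three 4-bit ids, constructed encoding) into a bit string."""
    return f"{client:04b}{server:04b}{service:04b}"

def matches(a, b, r=R):
    """r-contiguous-bits rule: do a and b agree on at least r positions in a row?"""
    run = 0
    for x, y in zip(a, b):
        run = run + 1 if x == y else 0
        if run >= r:
            return True
    return False

def negative_selection(candidates, self_set):
    """Censoring: discard every candidate detector that reacts to a self string."""
    return [c for c in candidates if not any(matches(c, s) for s in self_set)]

def random_candidates(count, rng):
    """Randomly produced candidate detectors, as in the classical algorithm."""
    for _ in range(count):
        yield "".join(rng.choice("01") for _ in range(BITS))

def all_candidates():
    """Every possible string; feasible only because BITS is tiny here."""
    return ("".join(bits) for bits in itertools.product("01", repeat=BITS))

def is_anomalous(sample, detectors):
    """Monitoring: a sample is non-self if any surviving detector matches it."""
    return any(matches(d, sample) for d in detectors)

# Constructed "normal" traffic: clients 1-3 talking to servers 10 and 11.
SELF = [encode(1, 10, 1), encode(2, 10, 1), encode(3, 11, 2), encode(1, 11, 2)]

if __name__ == "__main__":
    detectors = negative_selection(random_candidates(500, random.Random(1)), SELF)
    probe = encode(12, 5, 14)  # constructed connection unlike anything in SELF
    print(len(detectors), "detectors kept")
    print("self flagged:", [is_anomalous(s, detectors) for s in SELF])
    print("probe flagged:", is_anomalous(probe, detectors))
```

Censoring guarantees that no self string is ever flagged; with randomly generated detectors, coverage of non-self is probabilistic and depends on the number of detectors and on R.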


REFERENCES

[1] J. Timmis, A. Hone, T. Stibor and E. Clark, “Theoretical advances in artificial immune systems”. In: Theoretical Computer Science. ScienceDirect. 2008. 403(1): 11-32.
[2] K.W. Yeom, J.H. Park: An Immune System Inspired Approach of Collaborative Intrusion Detection System Using Mobile Agents in Wireless Ad Hoc Networks. CIS (2) 2005: 204-211.
[3] L.N. de Castro, J. Timmis. “Artificial Immune Systems: A New Computational Intelligence Approach”. Springer, 2002.
[4] Yang, J., Liu, X., Tao, L., Liang, G. and Liu, S. Distributed agents model for intrusion detection based on AIS. Knowledge-Based Systems. 2009. 22(2): 115–119.
[5] J. D. Farmer, N. H. Packard, and A. S. Perelson. The immune system, adaptation and machine learning. Physica D, 22:187–204, 1986.
[6] S. Forrest, A.S. Perelson, L. Allen, R. Cherukuri, Self–nonself discrimination in a computer, in: Proc. IEEE Symposium on Research Security and Privacy, 1994, pp. 202–212.
[7] S. Hofmeyr, S. Forrest, Architecture for an artificial immune system, Evolutionary Computation 7 (1) (2000) 1289–1296.
[8] Matzinger, P. The Danger Model: A Renewed Sense of Self. In: Science. 2002. 296: 301–305.
[9] Fu, H., Yuan, X. and Hu, L. Design of a four-layer model based on danger theory and AIS for IDS. International Conference on Wireless Communications, Networking and Mobile Computing. IEEE. 2007.
[10] Tan, M., Yu, H., Zhao, Z., Liu, Z. and Liu, F. An artificial immunity-based proactive defense system. International Conference on Robotics and Biomimetics. IEEE. 2008.
[11] Zulkernine, M., and Kannadiga, P. DIDMA: A Distributed Intrusion Detection System Using Mobile Agents. Software Engineering, Artificial Intelligence, Networking and Parallel/Distributed Computing and First ACIS International Workshop on Self-Assembling Wireless Networks. IEEE. 2005.
[12] Dal, D., Abraham, S., Abraham, A., Sanyal, S. and Sanglikar, M. (2008). Evolution Induced Secondary Immunity: An Artificial Immune System based Intrusion Detection System. In: 7th Computer Information Systems and Industrial Management Applications. IEEE.
[13] Fanelli, R. L. A Hybrid Model for Immune Inspired Network Intrusion Detection. In: Artificial Immune Systems. Phuket, Thailand. 107-119. 2009.
[14] Aickelin, U., Bentley, P., Cayzer, S., Kim, J., and McLeod, J. (2003). Danger theory: The link between AIS and IDS? In: 2nd International Conference in Artificial Immune Systems. Edinburgh, UK: Springer. 147–155. 2003.