Synthesizing of intrusion prevention system based on the association of human immune system and operating system
Matematičeskoe modelirovanie, Vol. 19 (2007) no. 12, pp. 3-12.

See the article record at the source, Math-Net.Ru

Current approaches to intrusion detection are generally based on observing only one source of information, such as network traffic, resource usage or logs. A more precise conclusion about an intrusion incident could be reached if all the available information were used. In this paper we present an approach to an Intrusion Prevention System (IPS) that addresses this problem and triggers an active response only for dangerous security events. We show how the Danger Theory of immunology can be linked with components of the operating system to synthesize an intrusion prevention system. We also propose a technique, inspired by the clonal selection mechanism of the immune system, that links anomalous behaviour of system processes with the network traffic they received and can generate new signatures of network intrusions on the fly. We discuss an implementation of this approach using a developed prototype that works in the kernel space of Linux. The IPS combines signature-based and anomaly-based approaches and balances between the corresponding modules using several methods.
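As an added illustration of the combination the abstract describes (this is an example written for this page, not the authors' kernel-space prototype, whose code is not reproduced here), the following Python sketch builds a system-call n-gram profile in the style of Forrest et al.'s "sense of self", keeps the last payloads delivered to each process, and generates an active response plus a new signature only when a process anomaly coincides with correlated traffic; an anomaly with no associated input is reported but not acted upon. The n-gram length, thresholds, signature floor, syscall traces and packet payloads are all assumptions constructed for the example.

```python
# Added example, not the paper's implementation. Traces, payloads, the
# n-gram length and the thresholds below are constructed assumptions.
from collections import deque

NGRAM = 3                 # assumed length of syscall n-grams in the profile
ANOMALY_THRESHOLD = 0.3   # assumed share of unseen n-grams that counts as danger
MIN_SIGNATURE_LEN = 8     # assumed floor so signatures are not overly generic


def build_profile(traces, n=NGRAM):
    """Set of syscall n-grams seen during known-good operation."""
    profile = set()
    for trace in traces:
        for i in range(len(trace) - n + 1):
            profile.add(tuple(trace[i:i + n]))
    return profile


def anomaly_score(trace, profile, n=NGRAM):
    """Fraction of n-grams in `trace` that are absent from the profile."""
    grams = [tuple(trace[i:i + n]) for i in range(len(trace) - n + 1)]
    if not grams:
        return 0.0
    return sum(1 for g in grams if g not in profile) / len(grams)


def longest_common_substring(a, b):
    """O(len(a)*len(b)) dynamic programme over two byte strings."""
    best_len, best_end = 0, 0
    prev = [0] * (len(b) + 1)
    for i in range(1, len(a) + 1):
        cur = [0] * (len(b) + 1)
        for j in range(1, len(b) + 1):
            if a[i - 1] == b[j - 1]:
                cur[j] = prev[j - 1] + 1
                if cur[j] > best_len:
                    best_len, best_end = cur[j], i
        prev = cur
    return a[best_end - best_len:best_end]


def derive_signature(payloads, min_len=MIN_SIGNATURE_LEN):
    """Byte pattern shared by every payload tied to the anomalous process,
    or None when fewer than two payloads exist or the pattern is too short.
    A simplified stand-in for the clonal-selection step."""
    if len(payloads) < 2:
        return None
    sig = payloads[0]
    for p in payloads[1:]:
        sig = longest_common_substring(sig, p)
        if len(sig) < min_len:
            return None
    return sig


class DangerGate:
    """Combines signature hits on inbound traffic with syscall anomalies of
    the receiving process before deciding on an active response."""

    def __init__(self, profile, threshold=ANOMALY_THRESHOLD, window=4):
        self.profile, self.threshold, self.window = profile, threshold, window
        self.signatures = set()
        self.recent = {}  # pid -> last `window` payloads delivered to it

    def on_packet(self, pid, payload):
        if any(sig in payload for sig in self.signatures):
            return "block:signature"
        self.recent.setdefault(pid, deque(maxlen=self.window)).append(payload)
        return "pass"

    def on_trace(self, pid, trace):
        score = anomaly_score(trace, self.profile)
        if score < self.threshold:
            return "normal", score, None
        sig = derive_signature(list(self.recent.get(pid, [])))
        if sig is None:
            # anomaly without correlated traffic: alert, but no active response
            return "alert_only", score, None
        self.signatures.add(sig)  # new signature usable on the fly
        return "block:new_signature", score, sig


def run_demo():
    """Constructed scenario: a web worker (pid 42) receives two requests that
    share a NOP sled, then exhibits an unseen syscall sequence."""
    good = [["accept", "read", "open", "read", "write", "close"],
            ["accept", "read", "stat", "open", "read", "write", "close"]]
    gate = DangerGate(build_profile(good))
    sled = b"\x90" * 12 + b"\xcc\xcc"
    out = {}
    out["p1"] = gate.on_packet(42, b"GET /a HTTP/1.0\r\n" + sled)
    out["p2"] = gate.on_packet(42, b"POST /x HTTP/1.1\r\n" + sled)
    out["t_ok"] = gate.on_trace(42, good[0])
    out["attack"] = gate.on_trace(
        42, ["accept", "read", "mmap", "mprotect", "execve", "fork"])
    out["lonely"] = gate.on_trace(7, ["mmap", "mprotect", "execve", "fork"])
    out["later"] = gate.on_packet(99, b"GET /b HTTP/1.0\r\n" + sled)
    return out


if __name__ == "__main__":
    for k, v in run_demo().items():
        print(k, v)
```

The design point is the gate, not the pattern matcher: a perfectly novel syscall sequence on pid 7 yields only an alert because nothing was delivered to that process, while the same anomaly on pid 42 produces a blocking signature because it can be tied to the two payloads sharing the sled. A real system would need the per-socket attribution of traffic to processes that the paper places in the kernel, and would have to validate candidate signatures against benign traffic before deploying them.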
@article{MM_2007_19_12_a0,
     author = {A. V. Krizhanovsky and A. M. Marasanov},
     title = {Synthesizing of intrusion prevention system based on the association of human immune system and operating system},
     journal = {Matemati\v{c}eskoe modelirovanie},
     pages = {3--12},
     publisher = {mathdoc},
     volume = {19},
     number = {12},
     year = {2007},
     language = {ru},
     url = {http://geodesic.mathdoc.fr/item/MM_2007_19_12_a0/}
}
TY  - JOUR
AU  - A. V. Krizhanovsky
AU  - A. M. Marasanov
TI  - Synthesizing of intrusion prevention system based on the association of human immune system and operating system
JO  - Matematičeskoe modelirovanie
PY  - 2007
SP  - 3
EP  - 12
VL  - 19
IS  - 12
PB  - mathdoc
UR  - http://geodesic.mathdoc.fr/item/MM_2007_19_12_a0/
LA  - ru
ID  - MM_2007_19_12_a0
ER  - 
%0 Journal Article
%A A. V. Krizhanovsky
%A A. M. Marasanov
%T Synthesizing of intrusion prevention system based on the association of human immune system and operating system
%J Matematičeskoe modelirovanie
%D 2007
%P 3-12
%V 19
%N 12
%I mathdoc
%U http://geodesic.mathdoc.fr/item/MM_2007_19_12_a0/
%G ru
%F MM_2007_19_12_a0
A. V. Krizhanovsky; A. M. Marasanov. Synthesizing of intrusion prevention system based on the association of human immune system and operating system. Matematičeskoe modelirovanie, Vol. 19 (2007) no. 12, pp. 3-12. http://geodesic.mathdoc.fr/item/MM_2007_19_12_a0/

[1] U. Aickelin, J. Greensmith, J. Twycross, Immune System Approaches to Intrusion Detection, Review, School of Computer Science, University of Nottingham, 2004

[2] D. Dasgupta, F. A. Gonzalez, “An Immunity-Based Technique to Characterize Intrusions in Computer Networks”, IEEE Transactions on Evolutionary Computation, 2002, 1081–1088

[3] F. A. Gonzalez, D. Dasgupta, “Anomaly Detection Using Real-Valued Negative Selection”, Journal of Genetic Programming and Evolvable Machines, 2003, 383–403 | DOI

[4] A. Somayaji, S. Forrest, “Automated Response Using System-Call Delays”, Proceedings of the 9th USENIX Security Symposium, 2000

[5] P. Matzinger, The Real Function of the Immune System or Tolerance and Four D's (Danger, Death, Destruction and Distress), http://cmmg.biosci.wayne.edu/asg/polly.html

[6] S. M. Garrett, “How Do We Evaluate Artificial Immune Systems?”, Evolutionary Computation, 13:2 (2005), 145–178 | DOI

[7] J. Kim, P. Bentley, “An Evaluation of Negative Selection in an Artificial Immune System for Network Intrusion Detection”, Genetic and Evolutionary Computation Conference (GECCO-2001), 2001, 1330–1337

[8] U. Aickelin, P. Bentley, S. Cayzer, J. Kim, J. McLeod, “Danger Theory: The Link between AIS and IDS?”, Second International Conference on Artificial Immune Systems (ICARIS-2003) (Edinburgh, UK), 2003, 147–155

[9] U. Aickelin, S. Cayzer, “The Danger Theory and Its Application to AIS”, Proceedings of the 1st International Conference on Artificial Immune Systems (ICARIS-2002), 2002, 141–148

[10] T. H. Ptacek, T. N. Newsham, Insertion, Evasion, and Denial of Service: Eluding Network Intrusion Detection, Secure Networks Inc., 1998

[11] J. Kim, Integrating Artificial Immune Algorithms for Intrusion Detection, PhD thesis, Dept. of Computer Science, University College London, July 2002

[12] Elektronnaya entsiklopediya “Biologiya cheloveka. Immunologiya” [Electronic encyclopedia “Human Biology. Immunology”, in Russian], http://obi.img.ras.ru/humbio/

[13] L. N. de Castro, J. Timmis, “Artificial Immune Systems: A Novel Paradigm to Pattern Recognition”, Artificial Neural Networks in Pattern Recognition, SOCO-2002 (University of Paisley, UK), 67–84

[14] J. Kim, P. Bentley, “Towards an Artificial Immune System for Network Intrusion Detection: An Investigation of Dynamic Clonal Selection”, Proceedings of the Congress on Evolutionary Computation (CEC-2002) (Honolulu, May 2002), 1015–1020

[15] M. M. Williamson, Biologically-Inspired Approaches to Computer Security, Technical Report HPL-2002-131, HP Labs, Bristol, UK, 2002

[16] S. Forrest, S. Hofmeyr, A. Somayaji, T. Longstaff, “A Sense of Self for UNIX processes”, Proceedings of the 1996 IEEE Symposium on Security and Privacy, IEEE Press, 1996

[17] Snort Intrusion Detection System, http://www.snort.org

[18] Vulnerability description, http://www.securiteam.com/exploits/5AP041F8VA.html

[19] S. N. Chari, P. C. Cheng, BlueBoX: A Policy-driven, Host-Based Intrusion Detection System, IBM Thomas J. Watson Research Center, NDSS, 2002

[20] G. Navarro, “NR-grep: a fast and flexible pattern matching tool”, Software Practice and Experience (SPE), 2001, 1265–1312 | DOI | Zbl

[21] G. Navarro, M. Raffinot, “Compact DFA representation for fast regular expression search”, Proceedings of the 5th Workshop on Algorithm Engineering (WAE'01), LNCS 2141, 2001, 1–12 | MR | Zbl

[22] G. Navarro, M. Raffinot, “New Techniques for Regular Expression Searching”, Algorithmica, 41:2 (2004), 89–116 | DOI | MR