DocumentCode
1634143
Title
A Network IDS with low false positive rate
Author
Qiao, Yan ; Weixin, Xie
Author_Institution
Xidian Univ., Xi'an, China
Volume
2
fYear
2002
fDate
6/24/1905 12:00:00 AM
Firstpage
1121
Lastpage
1126
Abstract
An intrusion detection model AINIDS (an artificial immunological network intrusion detection system) based on the biological immune mechanism is given, which consists of two types of components: detectors and monitor agents. The detectors derive from LISYS (a network-based IDS given by Hofmeyr) and have the same advantages as LISYS has such as: distributability, diversity, error tolerant, dynamic defensive, adaptability, and perfectly integrating the anomaly detection techniques with misuse detection techniques, and so on. Three monitor agents in AINIDS provide the co-stimulation signal to the detectors in order to effectively reduce the false positive alarm. These agents monitor whether the integrity, confidentiality, or availability of a crucial computer system is compromised respectively. Since AINIDS adopts a more objective and reasonable co-stimulation mechanism based on the definition of intrusion and the principle of biological immune than LISYS does, it has very low false positive rate. The preliminary experiment results show the effectiveness of our system.
Keywords
computer network management; evolutionary computation; security of data; LISYS; anomaly detection; artificial immunological network intrusion detection; computer system; immune mechanism; integrity; intrusion detection; intrusion detection model; misuse detection; Biological system modeling; Biology computing; Computer architecture; Computer networks; Computerized monitoring; Detectors; Immune system; Intrusion detection; Libraries; Signal detection;
fLanguage
English
Publisher
ieee
Conference_Titel
Evolutionary Computation, 2002. CEC '02. Proceedings of the 2002 Congress on
Conference_Location
Honolulu, HI
Print_ISBN
0-7803-7282-4
Type
conf
DOI
10.1109/CEC.2002.1004400
Filename
1004400