• DocumentCode
    2416968
  • Title

    An Approach for Adaptive Intrusion Prevention Based on The Danger

  • Author

    Krizhanovsky, Alexander ; Marasanov, Alexander

  • Author_Institution
    Moscow Aviation Inst.
  • fYear
    2007
  • fDate
    10-13 April 2007
  • Firstpage
    1135
  • Lastpage
    1142
  • Abstract
    Current approaches to intrusion detection are generally based on the observation of only one source of information such as network traffic, system calls, resource usage etc. However, we would get a more precise conclusion about the incident of intrusion if we used the entire available information. We are going to present an approach to an intrusion prevention system (IPS) which is inspired by the danger theory of immunology and tries to solve this problem by analyzing more sources of information. In this paper we will show how to link the entities which participate in the interactions described by this theory with components of the operating system for synthesizing of IPS. We'll also introduce a technique inspired by the clonal selection mechanism of the human immune system which links the anomaly behavior of system processes with received network traffic and can generate new signatures of network intrusions on the fly.
  • Keywords
    artificial immune systems; operating systems (computers); security of data; adaptive intrusion prevention system; anomaly behavior; clonal selection; danger theory; immune system; immunology; information source analysis; network intrusion; network traffic; operating system; Bones; Genetic mutations; Humans; Immune system; Information analysis; Information resources; Intrusion detection; Operating systems; Pathogens; Telecommunication traffic;
  • fLanguage
    English
  • Publisher
    ieee
  • Conference_Titel
    Availability, Reliability and Security, 2007. ARES 2007. The Second International Conference on
  • Conference_Location
    Vienna
  • Print_ISBN
    0-7695-2775-2
  • Type

    conf

  • DOI
    10.1109/ARES.2007.36
  • Filename
    4159918