• DocumentCode
    3006887
  • Title

    Multi-layer Intrusion Detection and Defence Mechanisms Based on Immunity

  • Author

    Ma, Zhanfei ; Zheng, Xuefeng

  • Author_Institution
    Sch. of Inf. Eng., Univ. of Sci. & Technol., Beijing
  • fYear
    2008
  • fDate
    25-26 Sept. 2008
  • Firstpage
    281
  • Lastpage
    284
  • Abstract
    Recently, network intrusion detection has been one of the hottest research topics. Existing network-based Intrusion Detection Systems (IDS) have drawbacks in many aspects, among which the two outstanding problems are the high ratio of false alarms and the lack of self-adaptation. The powerful information processing capabilities of the biological immune system, such as feature extraction, pattern recognition, learning, memory, and its distributive multi-layer defence mechanisms, provide rich metaphors for designing a computer immune defence system. In this approach, the authors propose novel multi-layer defence mechanisms based on immunity, which are capable of detecting and identifying both known and unknown intrusions, elaborating a specialized response measure. Besides that, the proposed defence mechanisms have the same learning and adaptive capability as the biological immune system, and so are able to monitor a networked computer's activities at different levels, and to improve their response under subsequent exposures to the same attack. This on-going research effort is not to mimic simply the immunology characteristics but to explore and learn valuable lessons useful for self-adaptive immune intrusion prevention systems.
  • Keywords
    adaptive systems; computer networks; learning (artificial intelligence); learning systems; monitoring; security of data; telecommunication computing; telecommunication security; adaptive learning system; biological immune system; computer immune defence mechanism; computer network activity monitoring; multilayer network intrusion detection system; self-adaptive immune intrusion prevention system; Biology computing; Computer networks; Computer security; Computerized monitoring; Data security; Immune system; Intrusion detection; Pathogens; Pattern recognition; Protection; Biological immune system; Computer immune system; Immunology; Intrusion detection system; Multi-layer defence mechanism; Network security;
  • fLanguage
    English
  • Publisher
    ieee
  • Conference_Titel
    Genetic and Evolutionary Computing, 2008. WGEC '08. Second International Conference on
  • Conference_Location
    Hubei
  • Print_ISBN
    978-0-7695-3334-6
  • Type

    conf

  • DOI
    10.1109/WGEC.2008.56
  • Filename
    4637445