D'haeseleer, P., Forrest, S., and Helman, P. (1996). An immunological approach to change detection: Algorithms, analysis and implications. In IEEE Symposium on Research in Security and Privacy.
....the efficiency of the mapping process will have to be studied with care. To conclude, the proposed approach was used for misuse detection. It could be also used for anomaly detection. The algorithm may then be used to verify that a process behaves as during a training period, as proposed by [9]. ....
P. D'haeseleer, S. Forrest, and P. Helman. An immunological approach to change detection: Algorithms, analysis and implications. In Proceedings of the 1996 IEEE Symposium on Research in Security and Privacy. IEEE Computer Society, IEEE Computer Society Press, May 1996.
....complex. The general assumption is that the normal behavior of a system can often be characterized by a series of observations over time. Also, normal system behavior generally exhibits stable patterns when observed over a period of time. There are multiple approaches to such anomaly detection [5, 7, 13, 14, 15, 22, 23, 26], and most of them work by building a model or profile of the system that reflects its normal behavior. A simple approach is to define thresholds (upper and lower) for each monitored parameter of the system, and if a parameter exceeds this range, it is considered an abnormality. The most common ....
....among different parameters. The independent values of two different parameters might be considered normal, but their combination might show abnormality, or otherwise [25]. Other approaches also build models to predict the future behavior of systems or processes based on the present and past states [4, 5, 14, 17, 23]. Accordingly, if the actual state of the system differs considerably from the predicted state, an anomaly alarm is raised. These approaches are more successful in capturing temporal and multiple variable correlations. However, more time is needed for training the model, and in some cases its ....
P. D'haeseleer, S. Forrest, and P. Helman. An immunological approach to change detection: Algorithms. In Proceedings of the 1996.
....of the more general problem of distinguishing self, e.g. the normal behavior of system programs, from other, e.g. the behavior of trojanized system programs. The resulting anomaly detector was initially presented as a change detection algorithm applied to the detection of computer viruses [2]. It has since been applied to the task of detecting intrusions or exploits by way of detecting abnormal behavior in processes that run with root privileges on UNIX systems. Named stide (Sequence TIme Delay Embedding), the anomaly detector was designed to operate on categorical data in the form ....
Patrick D'haeseleer, Stephanie Forrest and Paul Helman, "An immunological approach to change detection: algorithms, analysis and implications", Proceedings of the
....approximate matching of tolerance conditions. 3.2 The Perfect Tolerance Conditions The generation of tolerance conditions is critical to the success of this work. It has already been shown in computer security research that such a task requires both novel and efficient matching algorithms [8], [13], [7]. The challenge here will be to generate, ideally, two sets of tolerance conditions that provide a general coverage of both valid and invalid state transitions. The challenge is aided for the counter FSM by already knowing the perfect solution through the direct abstraction of all ....
P. D'haeseleer, S. Forrest, and P. Helman. An Immunological Approach to Change Detection: Algorithms, Analysis and Implications. In Proceedings of the 1996 IEEE Symposium on Computer Security and Privacy, pages 110--119, Oakland, CA., 1996. IEEE Computer Society Press.
....the test program. A similar approach could be applied to the investigation of the range of behaviour that an autonomous agent can carry out, before it is deployed in its environment. A related application is to the application of diversity techniques to software security. Forrest and co-workers [9, 12, 13] have worked on systems which attempt to defeat computer viruses and similar security threats by creating a system which compiles the same software in a number of different ways, so that a virus cannot exploit the structure of the compiled program. Again this relies simply on uniform random ....
P. D'haeseleer, S. Forrest, and P. Helman. An immunological approach to change detection: Algorithms, analysis and implications. In IEEE Symposium on Security and Privacy. IEEE Press, 1996.
....with a particular program that was to be tested. We generate a range of potential inputs, and monitor which parts of the program are being well tested by these inputs, then we use this data to find examples which test other parts of the program. 2.5 Software security. Work by Forrest and others [34, 28, 21] has made use of diversity for computer security. The core concept here is that one of the major security holes in computer systems is their similarity: the same software is run by many people, and so if someone can exploit a loophole in the way that software is written, they can breach the ....
P. D'haeseleer, S. Forrest, and P. Helman. An immunological approach to change detection: Algorithms, analysis and implications. In IEEE Symposium on Security and Privacy. IEEE Press, 1996.
....and nonself, an algorithm must ensure that the comparison between sets of patterns is carried out in the intended way. We call this algorithm the meta level R. To my knowledge, existing AIS always have such a meta algorithm. Even if the architecture is based on distributed pattern detectors (e.g. [7]), a meta algorithm must manage the detectors and ensure that recognition of nonself occurs as intended. But if the underlying algorithm R of the anomaly detection process behaves anomalously as a result of an intrusion, there is nothing that can sense this state in current AIS systems. Simply ....
P. D'haeseleer, S. Forrest, P. Helman. "An Immunological Approach to Change Detection: Algorithms, Analysis and Implications" in Proceedings of the 1996 IEEE Symposium on Computer Security and Privacy, Oakland, California. IEEE Press Los Alamitos, CA, pages 110-119.
....in the sixties by professor John Holland at university of Michigan as models of an Artificial Evolution. In the thirty past years, they have been successfully applied to a wide range of problems such as Natural Systems Modeling (e.g. Artificial Life environments [11], immune system modeling [7]), Machine Learning by the way of classifier systems, and optimization. GAs basically handle a population of chromosomes (Individuals) often modeled by long vector of binary genes. Each one encodes a potential solution to the considered problem and is rewarded by a so called Fitness value which ....
P. D'haeseleer, S. Forrest, and P. Helman. An immunological approach to change detection: algorithms, analysis and implications. In Proceedings of the 1996 IEEE Symposium on Computer Security and Privacy, 1996.
....a user or an application. The basic idea is to baseline normal behavior of the object being monitored and then flag behaviors that are significantly different from this baseline as abnormalities, or possible intrusions. See [Lunt, 1993, Lunt and Jagannathan, 1988, Lunt, 1990, Lunt et al. 1992, D'haeseleer et al. 1996, Porras and Neumann, 1997] for sources on anomaly detection approaches. The most significant disadvantage of misuse detection approaches is that they will only detect the attacks for which they are trained to detect. Novel attacks or even variants of common attacks often go undetected. In a time ....
....intrusions can be tracked at a finer grain of resolution. The work of Forrest et al. also examines system processes for anomalous behavior, however, their approach captures system calls from programs and uses a table look up algorithm for detecting potential intrusions [Forrest et al. 1997, D'haeseleer et al. 1996]. An application of machine learning to intrusion detection has been developed elsewhere as well [Lane and Brodley, 1997]. Lane and Brodley's work is similar in that machine learning is used to distinguish between normal and anomalous behavior. However, their work is different in that they build ....
D'haeseleer, P., Forrest, S., and Helman, P. (1996). An immunological approach to change detection: Algorithms, analysis and implications. In IEEE Symposium on Security and Privacy.
No context found.
P. D'haeseleer, S. Forrest, and P. Helman. An immunological approach to change detection: algorithms, analysis and implications. In Proceedings of the 1996.
No context found.
P. D'haeseleer, S. Forrest, and P. Helman. An immunological approach to change detection: algorithms, analysis and implications. In Proceedings of the 1996.
No context found.
P. D'haeseleer, S. Forrest, and P. Helman. An immunological approach to change detection: algorithms, analysis and implications. In Proceedings of the 1996 IEEE Symposium on Computer Security and Privacy. IEEE Press, 1996.
No context found.
P. D'haeseleer, S. Forrest, and P. Helman. An immunological approach to change detection: algorithms, analysis and implications. In Proceedings of the 1996.
....Because of these similarities, we have designed and implemented LISYS, an intrusion detection system that monitors network traffic. LISYS demonstrates the utility of ARTIS when applied to a specific problem domain. In earlier papers we presented our results in the context of computer security [11, 9, 8, 13, 12, 19], deemphasizing more general considerations. The goal of this paper is to rectify that, making the biological connections more concrete and emphasizing the adaptive systems framework in which our implementation resides. In the next section (2) we briefly introduce the immune system, and in the ....
P. D'haeseleer, S. Forrest, and P. Helman. An immunological approach to change detection: Algorithms, analysis and implications. In Proceedings of the 1996 IEEE Symposium on Research in Security and Privacy, Los Alamitos, CA, 1996. IEEE Computer Society Press.
....ed before we have an implementable algorithm: (1) How are the detectors represented? (2) How is a match defined? (3) How are detectors generated? (4) How efficient is the algorithm? These topics are explored in detail in Forrest et al. [14] and D'haeseleer [6, 7], but we give highlights here. There are many possible definitions of self for a computer. Our definitions rely on the idea that any pattern (e.g. a computer program, an execution trace of a program, or the flow of packets through a local area network) can be represented as a finite length string of ....
....this generating procedure is inefficient: the number of random strings that must be generated and tested is approximately exponential in the size of self. However, more efficient algorithms based on dynamic programming methods allow us to generate detectors in linear time for the r contiguous bits rule [6]. The negative detection algorithm has several interesting properties. First, it can be easily distributed because each detector can function independently of other detectors, that is, without communication between detectors or coordination of multiple detection events. This is because each ....
D'haeseleer, P., S. Forrest, and P. Helman. "An Immunological Approach to Change Detection: Algorithms, Analysis, and Implications." In Proceedings of the 1996 IEEE Symposium on Computer Security and Privacy. Los Alamitos, CA: IEEE Press, 1996.
....goals stated above, for an ID system based on NSM, can be achieved through the use of algorithms and architecture that are based on immunological mechanisms. Previous work has isolated and investigated an immunological model of change detection, called negative detection [Forrest, et al. 1994, D'haeseleer, et al. 1996, D'haeseleer, 1996, D'haeseleer, 1995, Helman & Forrest, 1994]. This research is briefly reviewed here; more details are given later in chapter 3, in the formal description of the model of distributed detection which is a foundation for the results in this dissertation. The problem of anomaly ....
....ID system based on NSM, can be achieved through the use of algorithms and architecture that are based on immunological mechanisms. Previous work has isolated and investigated an immunological model of change detection, called negative detection [Forrest, et al. 1994, D'haeseleer, et al. 1996, D'haeseleer, 1996, D'haeseleer, 1995, Helman & Forrest, 1994]. This research is briefly reviewed here; more details are given later in chapter 3, in the formal description of the model of distributed detection which is a foundation for the results in this dissertation. The problem of anomaly detection can be ....
D'haeseleer, P., Forrest, S., & Helman, P. (1996). An immunological approach to change detection: Algorithms, analysis and implications. In Proceedings of the 1996 IEEE Symposium on Research in Security and Privacy. Los Alamitos, CA: IEEE Computer Society Press.
....Because of these similarities, we have designed and implemented LISYS, an intrusion detection system that monitors network traffic. LISYS demonstrates the utility of ARTIS when applied to a specific problem domain. In earlier papers we presented our results in the context of computer security [11, 9, 8, 13, 12, 19], deemphasizing more general considerations. The goal of this paper is to rectify that, making the biological connections more concrete and emphasizing the adaptive systems framework in which our implementation resides. In the next section (2) we briefly introduce the immune system, and in the ....
P. D'haeseleer, S. Forrest, and P. Helman. An immunological approach to change detection: Algorithms, analysis and implications. In Proceedings of the 1996 IEEE Symposium on Research in Security and Privacy, Los Alamitos, CA, 1996. IEEE Computer Society Press.
....the string representation of the network packets. Each detector set has a different, randomly generated, permutation mask. One limitation of the negative selection algorithm as originally implemented is that it can result in undetectable abnormal patterns called holes, which limit detection rates [3, 2]. Holes can exist for any symmetric, fixed probability matching rule, but by using permutation masks, we effectively change the match rule on each host, and so overcome the hole limitation. Thus, the permutation mask controls how the network packet is presented to the detection system, which is ....
P. D'haeseleer, S. Forrest, and P. Helman. An immunological approach to change detection: Algorithms, analysis and implications. In Proceedings of the 1996 IEEE Symposium on Research in Security and Privacy, Los Alamitos, CA, 1996. IEEE Computer Society Press.
No context found.
D'haeseleer, P., Forrest, S., and Helman, P. (1996). An immunological approach to change detection: Algorithms, analysis and implications. In IEEE Symposium on Research in Security and Privacy.
No context found.
P. D'haeseleer, Forrest, and P. Helman. An immunological approach to change detection: algorithms, analysis, and implications. In Proceedings of the 1996.
No context found.
P. D'haeseleer, S. Forrest, and P. Helman. An immunological approach to change detection: algorithms, analysis and implications. In J. McHugh and G. Dinolt, editors, Proceedings of the 1996 IEEE Symposium on Computer Security and Privacy, pages 110--119, USA, 1996. IEEE Press.
No context found.
D'haeseleer, P., S. Forrest, and P. Helman: 1996, `An immunological approach to change detection: algorithms, analysis and implications'. In: J. McHugh and G. Dinolt (eds.): Proceedings of the 1996 IEEE Symposium on Computer Security and Privacy. USA, pp. 110--119.
No context found.
D'haeseleer, P., S. Forrest & P. Helman (1996), "An Immunological Approach to Change Detection: Algorithms, Analysis and Implications", Proc. of the IEEE Symposium on Computer Security and Privacy.