S.A. Hofmeyr. An Immunological Model of Distributed Detection and its Application to Computer Security. PhD thesis, University of New Mexico, 1999.
....strings were used as negative detectors to detect novel sequences of bytes, such as those introduced when a virus corrupts or infects a file. The ARTIS framework is an extension of this work that applies negative selection to detect anomalies in streams of data rather than in static data sets [27, 28]. The ARTIS framework was demonstrated on the problem of network anomaly intrusion detection [27, 28, 4] in which any unusual cluster of TCP connections is flagged as anomalous. Many useful sources of information contain unexpected but interesting data, however, so it might be undesirable for an ....
....when a virus corrupts or infects a file. The ARTIS framework is an extension of this work that applies negative selection to detect anomalies in streams of data rather than in static data sets [27, 28]. The ARTIS framework was demonstrated on the problem of network anomaly intrusion detection [27, 28, 4] in which any unusual cluster of TCP connections is flagged as anomalous. Many useful sources of information contain unexpected but interesting data, however, so it might be undesirable for an IIS to reject all novel data. Consequently, the IIS design is inspired by the immune system's ability to ....
[Article contains additional citation context not shown here]
S. A. Hofmeyr, An immunological model of distributed detection and its application to computer security, Ph.D. thesis, University of New Mexico, Albuquerque, New Mexico, 1999.
....These strings were used as negative detectors to detect novel sequences of bytes, such as those introduced when a virus corrupts or infects a file. The ARTIS framework is an extension of this work that applies negative selection to detect anomalies in streams of data rather than in static data sets [18, 19]. This framework was used to create systems to detect network intrusions [18, 19, 27, 54]. We believe that most useful sources of information present continually changing streams of data, so that it would be undesirable for an IIS to reject all novel data. The IIS is inspired by the immune ....
....such as those introduced when a virus corrupts or infects a file. The ARTIS framework is an extension of this work that applies negative selection to detect anomalies in streams of data rather than in static data sets [18, 19]. This framework was used to create systems to detect network intrusions [18, 19, 27, 54]. We believe that most useful sources of information present continually changing streams of data, so that it would be undesirable for an IIS to reject all novel data. The IIS is inspired by the immune system's ability to remember past encounters with pathogens, while the artificial immune system ....
S. A. Hofmeyr. An immunological model of distributed detection and its application to computer security. PhD thesis, University of New Mexico, Albuquerque, New Mexico, 1999.
....interest based communication model and that all the data analysis is done by agents without the presence of any analysis hierarchy. Under certain assumptions, distributed intrusion detection can be performed without the need for communication between local detection components as shown by Hofmeyr [7]. But under general conditions, a completely distributed analysis requires global correlation and intelligent coordination among the distributed analysis units, which can introduce a significant resource overhead as noted in EMERALD. In our current research effort, we propose a framework for a ....
S. Hofmeyr. An Immunological Model of Distributed Detection and Its Application to Computer Security. PhD thesis, University of New Mexico, May 1999.
....superficially, by building a normal profile by monitoring what is assumed to be typical behavior for some period of time. The profile is then used in comparison with online behavior, and anomalies are flagged when the two are different. A short summary is provided for both. For more detail, see [65, 31, 30]. Lisys is directly modeled on the immune system. To explain a bit simplistically, some number of random packet headers are generated by the system on each node of the network as candidate detectors. During the tolerization period each packet's header observed on the network is compared with ....
Steven Hofmeyr. An Immunological Model of Distributed Detection and its Application to Computer Security. PhD thesis, University of New Mexico, 1999.
.... fault diagnosis, virus detection, and mortgage fraud detection (Dasgupta, 1998; Kephart et al., 1995). Among these various areas, intrusion detection is a vigorous research area where the employment of an artificial immune system (AIS) has been examined (Dasgupta, 1998; Kim and Bentley, 1999b; Hofmeyr, 1999; Hofmeyr and Forrest, 2000; Forrest and Hofmeyr, 2000). The main goal of intrusion detection is to detect unauthorised use, misuse and abuse of computer systems by both system insiders and external intruders. Currently many network based intrusion detection systems (IDS's) have been developed ....
....considered that new anomaly must have occurred in the monitored system. This negative selection algorithm has been successfully applied to detect computer viruses (Forrest et al. 1994), tool breakage detection and time series anomaly detection (Dasgupta, 1998) and network intrusion detection (Hofmeyr, 1999; Hofmeyr and Forrest, 2000; Forrest and Hofmeyr, 2000). Besides these practical results, D'haeseleer (1997) showed several advantages of negative selection as a novel distributed anomaly detection approach. 3 ALGORITHM OVERVIEW This work used a negative selection algorithm to build an anomaly ....
[Article contains additional citation context not shown here]
Hofmeyr, S. (1999). An Immunological Model of Distributed Detection and Its Application to Computer Security. PhD thesis, Dept of Computer Science, University of New Mexico.
....events [18, 30] with good success rates, and Tan [47] used neural networks to classify network traffic. Frank [20] has surveyed some of these techniques and their possible uses in intrusion detection. In the area of innovative intrusion detection techniques, research has been made lately by Hofmeyr [26] on adaptive intrusion detection, which uses an analogy to the human immune system to provide a highly distributed intrusion detection system that can detect sequences of events that do not belong to the normal behavior of the system (called self). This system is interesting because it ....
Steven Andrew Hofmeyr. An Immunological Model of Distributed Detection and Its Application to Computer Security. PhD thesis, University of New Mexico, May 1999. URL ftp://coast.cs.purdue.edu/pub/doc/intrusion_detection/hofmeyer-distributed-detection.ps.gz.
....mechanisms that inspired the model. [© 1999 by the Massachusetts Institute of Technology, Evolutionary Computation 7(1) 45-68] Of necessity, the immunological details will be sparse and fragmentary; for a detailed overview of immunology that is still accessible to non immunologists, consult [20] 3 . 3.1 DEFINING THE PROBLEM All discrimination between self and nonself in the IS is based upon chemical bonds that form between protein chains. To preserve generality, we model protein chains as binary strings of fixed length . The IS must distinguish self from nonself based on proteins; ....
....models indicate ways in which selection could occur, if cytokines reflect the local state of the system (i.e. the damage suffered from pathogens, the damage suffered from the immune system, etc.) [37]. 11 We have also used other methods of changing the representation. This is the simplest. See [20] for details. We focus on a particular form of effector selection, instantiated by a class of lymphocytes called B cells. When B cells are activated, they can differentiate to become plasma cells that secrete a ....
[Article contains additional citation context not shown here]
Steven A. Hofmeyr. An Immunological Model of Distributed Detection and its Application to Computer Security. PhD thesis, Department of Computer Sciences, University of New Mexico, April 1999.
.... to the immune system protecting the body (self) from invasion by harmful microbes (nonself). Within this domain, we have studied several problems, including computer virus detection [6, 14], host based intrusion detection [11, 12, 22, 53], automated response [51], and network intrusion detection [23, 25]. This last project incorporates several different immune sys Stephanie Forrest and Steven A. Hofmeyr 375 (a) Vaccine1 B cells Ball of Stimulation Memory cells and antibodies produced in response to vaccine1 (b) Vaccine2 Cells and antibodies in the intersection cross react with both ....
....the environment because we needed to repeat many different runs of the simulation to test out the effects of the various mechanisms. We also collected seven traces of network traffic during real incidents of attempted and successful intrusions (for a description of these intrusions, see Hofmeyr [25]). In the simulation, with each of the 50 computers running with 100 detectors, the false positive rates were on the order of two per day. This is regarded as very low in the intrusion detection community [32]. In addition, the system successfully detected all seven intrusive incidents, in all ....
Hofmeyr, Steven A. "An Immunological Model of Distributed Detection and Its Application to Computer Security." Ph.D. diss., University of New Mexico, Albuquerque, NM, 1999.
....system, and so in the course of describing ARTIS, we shall describe the equivalent biological mechanisms that inspired the model. Of necessity, the immunological details will be sparse and fragmentary; for a detailed overview of immunology that is still accessible to non immunologists, consult [20] 3 . 3.1 DEFINING THE PROBLEM All discrimination between self and nonself in the IS is based upon chemical bonds that form between protein chains. To preserve generality, we model protein chains as binary strings of fixed length . The IS must distinguish self from nonself based on proteins; ....
....viruses, such as the Epstein-Barr virus, that have evolved dominant peptides which cannot be bound by particular MHC types, leaving individuals who have those MHC types vulnerable to the disease [25]. 11 We have also used other methods of changing the representation. This is the simplest. See [20] for details. Figure 5: The existence of holes. There are strings in the nonself set that cannot be covered by valid negative detectors of a given specificity (match length r). The size of the dark circles representing detectors is an indication of the generality of those ....
[Article contains additional citation context not shown here]
Steven A. Hofmeyr. An Immunological Model of Distributed Detection and its Application to Computer Security. PhD thesis, Department of Computer Sciences, University of New Mexico, April 1999.
....prototypes for several computer security problems. Armed with that experience, we show here how to embed an architecture for adaptive behavior in a real time environment with live agents (computers and the humans who operate them). A more detailed description of the AIS architecture appears in [9, 10], together with experimental and analytical results of its performance. Our emphasis here is on the comparison with classifier systems. 2 THE IMMUNE SYSTEM The immune system is highly complicated and appears to be precisely tuned to the problem of detecting and eliminating infections. It is also ....
....robust, degrades gracefully, and is resilient to errors and subversion [20]. These are properties we would like to see in computer security systems. We have studied several computer security problems, including computer virus detection [6], host based intrusion detection [5], and network security [9]. In this paper we concentrate on the latter, protecting a local area broadcast network (LAN) from network based attacks. Broadcast LANs have the convenient property that every location (computer) sees every packet passing through the LAN, so we can view the entire LAN as the body to be ....
S. A. Hofmeyr. An immunological model of distributed detection and its application to computer security. PhD thesis, Univ. of New Mexico, Albuquerque, NM, 1999.
....system mechanisms is computer security, where the analogy between protecting the body and protecting a normally operating computer is evident. Within this domain, we have studied several problems, including computer virus detection [6], host based intrusion detection [5], and network security [8]. In this paper we concentrate on the latter, protecting a local area broadcast network (LAN) from network based attacks. Broadcast LANs have the convenient property that every location (computer) sees every packet passing through the LAN. In this domain, we define self to be the set of normal ....
Steven A. Hofmeyr. An Immunological Model of Distributed Detection and its Application to Computer Security. PhD thesis, Department of Computer Sciences, University of New Mexico, April 1999.
No context found.
S.A. Hofmeyr. An Immunological Model of Distributed Detection and its Application to Computer Security. PhD thesis, University of New Mexico, 1999.
No context found.
Steven Hofmeyr. An immunological model of distributed detection and its application to computer security. PhD thesis, University Of New Mexico, 1999.
No context found.
S. A. Hofmeyr. An Immunological Model of Distributed Detection and its Application to Computer Security. PhD thesis, Department of Computer Science, University of New Mexico, Apr. 1999.
No context found.
S.A. Hofmeyr. An Immunological Model of Distributed Detection and its Application to Computer Security. PhD thesis, Department of Computer Sciences, University of New Mexico, April 1999.
No context found.
Steven A. Hofmeyr. An immunological model of distributed detection and its application to computer security. PhD thesis, University of New Mexico, Albuquerque, NM, 1999.
No context found.
S.A. Hofmeyr. An Immunological Model of Distributed Detection and its Application to Computer Security. PhD thesis, Department of Computer Sciences, University of New Mexico, April 1999.
No context found.
S. Hofmeyr. An immunological model of distributed detection and its application to computer security. PhD ths., UNM, 1999.
No context found.
S. Hofmeyr. An immunological model of distributed detection and its application to computer security. PhD thesis, University of New Mexico, Albuquerque, NM, 1999.
No context found.
S.A. Hofmeyr. An Immunological Model of Distributed Detection and its Application to Computer Security. PhD thesis, Department of Computer Sciences, University of New Mexico, April 1999.
No context found.
S. A. Hofmeyr. An Immunological Model of Distributed Detection and its Application to Computer Security. PhD thesis, Department of Computer Science, University of New Mexico, Apr. 1999.
No context found.
S. Hofmeyr. An immunological model of distributed detection and its application to computer security. PhD thesis, University of New Mexico, Albuquerque, NM, 1999.
No context found.
S. Hofmeyr. An immunological model of distributed detection and its application to computer security. PhD ths., UNM, 1999.
No context found.
Steven Andrew Hofmeyr. An Immunological Model of Distributed Detection and Its Application to Computer Security. PhD thesis, University of New Mexico, May 1999. URL ftp://coast.cs.purdue.edu/pub/doc/intrusion_detection/hofmeyer-distributed-detection.ps.gz.
No context found.
Hofmeyr, S. A. (1999). An Immunological Model of Distributed Detection and its Application to Computer Security. PhD thesis, University of New Mexico.
CiteSeer.IST - Copyright Penn State and NEC