Abstract

Artificial immune systems have previously been applied to the problem of intrusion detection. The aim of this research is to develop an intrusion detection system based on the function of Dendritic Cells (DCs). DCs are antigen presenting cells and key to the activation of the human immune system, behaviour which has been abstracted to form the Dendritic Cell Algorithm (DCA). In algorithmic terms, individual DCs perform multi-sensor data fusion, asynchronously correlating the fused data signals with a secondary data stream. Aggregate output of a population of cells is analysed and forms the basis of an anomaly detection system. In this paper the DCA is applied to the detection of outgoing port scans using TCP SYN packets. Results show that detection can be achieved with the DCA, yet some false positives can be encountered when simultaneously scanning and using other network services. Suggestions are made for using adaptive signals to alleviate this uncovered problem.
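The following is an added worked example, not code from the paper or its authors: a minimal DCA of the kind the abstract describes, run over a constructed 60-second trace of outgoing SYN activity. Each second supplies one set of fused input signals (PAMP, danger, safe) to every cell in the population, while the secondary stream, the antigens (here, names of processes that sent SYN packets that second), is sampled at random across the cells. A cell accumulates costimulation until it crosses its migration threshold, then presents every antigen it holds in either a semi-mature (normal) or mature (anomalous) context and resets. The aggregate output is the fraction of mature presentations per process, the value the DCA literature calls the mature context antigen value (MCAV). The weight table, migration thresholds, the mapping from raw counters to signals, and the process names are assumptions chosen for this illustration. The trace also reproduces the abstract's caveat: the benign process firefox sends SYNs during the scan, so it receives exactly the same signals as nmap and is scored almost as highly.

```python
"""Minimal Dendritic Cell Algorithm (DCA) run over a constructed SYN-scan trace.

Added illustrative example; not the paper's implementation. Signal weights,
thresholds and the raw-counter-to-signal mapping are assumptions (see comments).
"""
import random
from collections import defaultdict

# Assumed output weights per input signal (patterned on published DCA weight
# tables, not taken from this page). The safe signal suppresses the mature output.
WEIGHTS = {
    "csm":    {"pamp": 2.0, "danger": 1.0, "safe": 2.0},   # costimulation: drives migration
    "semi":   {"pamp": 0.0, "danger": 0.0, "safe": 1.0},   # semi-mature: "normal" context
    "mature": {"pamp": 2.0, "danger": 1.0, "safe": -1.5},  # mature: "anomalous" context
}


def derive_signals(syn_count, prev_syn_count, icmp_unreachable):
    """Map per-second raw counters to (pamp, danger, safe), each in [0, 1].
    Assumed mapping: ICMP unreachable errors act as PAMP, outbound SYN rate as
    danger, and a steady (unchanging) SYN rate as safe."""
    pamp = min(icmp_unreachable / 20.0, 1.0)
    danger = min(syn_count / 50.0, 1.0)
    safe = 1.0 - min(abs(syn_count - prev_syn_count) / 20.0, 1.0)
    return pamp, danger, safe


class DendriticCell:
    def __init__(self, threshold):
        self.threshold = threshold      # csm needed before the cell migrates
        self.reset()

    def reset(self):
        self.csm = self.semi = self.mature = 0.0
        self.antigens = []              # antigens (process names) sampled this lifetime

    def sense(self, pamp, danger, safe):
        """Multi-sensor fusion: add the weighted signals to all three outputs."""
        sig = {"pamp": pamp, "danger": danger, "safe": safe}
        for out in ("csm", "semi", "mature"):
            w = WEIGHTS[out]
            setattr(self, out, getattr(self, out) + sum(w[k] * sig[k] for k in sig))

    def migrated(self):
        return self.csm >= self.threshold

    def context(self):
        return "mature" if self.mature > self.semi else "semi"


def run_dca(trace, n_cells=50, threshold_range=(5.0, 15.0), copies=4, seed=1):
    """trace: list of per-second dicts {"procs": [...], "syn": int, "icmp_unreach": int}
    where procs are the processes that sent SYN packets that second (the antigen stream).
    Returns {process: MCAV} with MCAV = mature presentations / all presentations."""
    rng = random.Random(seed)
    cells = [DendriticCell(rng.uniform(*threshold_range)) for _ in range(n_cells)]
    presented = defaultdict(lambda: {"mature": 0, "semi": 0})
    prev_syn = 0
    for step in trace:
        # antigen sampling: each antigen copy goes to one randomly chosen cell
        for proc in step["procs"]:
            for _ in range(copies):
                rng.choice(cells).antigens.append(proc)
        # signal fusion: every cell sees the same signals this second
        signals = derive_signals(step["syn"], prev_syn, step["icmp_unreach"])
        prev_syn = step["syn"]
        for cell in cells:
            cell.sense(*signals)
            if cell.migrated():
                ctx = cell.context()
                for proc in cell.antigens:
                    presented[proc][ctx] += 1
                cell.reset()
    return {p: c["mature"] / (c["mature"] + c["semi"])
            for p, c in presented.items() if c["mature"] + c["semi"]}


def build_trace():
    """Constructed 60-second trace (not captured data): sshd alone, then an nmap
    SYN scan (60 SYN/s, 30 ICMP unreachable/s) with firefox also opening
    connections (8 SYN/s), then sshd alone again."""
    trace = []
    for t in range(60):
        if 20 <= t < 40:
            trace.append({"procs": ["nmap", "firefox"], "syn": 68, "icmp_unreach": 30})
        else:
            trace.append({"procs": ["sshd"], "syn": 1, "icmp_unreach": 0})
    return trace


if __name__ == "__main__":
    for proc, mcav in sorted(run_dca(build_trace()).items()):
        print(f"{proc:8s} MCAV={mcav:.2f}")
```

Running the block gives an MCAV well above 0.5 for both nmap and firefox and close to zero for sshd. Because the antigen stream carries no signal information of its own, any process active while the danger and PAMP signals are high is tagged with the scanner's context; a fixed MCAV threshold would therefore flag firefox as well, which is the false-positive behaviour the abstract reports and the reason it suggests adaptive signals. The few scan-period antigens presented as semi-mature come from cells whose lifetime straddles the quiet/scan boundary, a consequence of the asynchronous, threshold-driven migration.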

Highlights

  • The Dendritic Cell Algorithm (DCA) is a recent addition to artificial immune systems (AIS), a collection of algorithms inspired by the human immune system

  • The active normal (AN) signals are more variable than the passive normal (PN) signals, as many more processes run during the AN session

  • The DCA is a new development in AIS, and as yet has not been extensively tested

Introduction

The Dendritic Cell Algorithm (DCA) is a recent addition to artificial immune systems (AIS), a collection of algorithms inspired by the human immune system. In this paper we present an approach to intrusion detection inspired by the observed behaviour of natural dendritic cells. DCs are an ideal inspiration for an AIS-based intrusion detection algorithm, as they are key cells in the immune system's decision of whether or not to respond. The majority of IDS techniques rely on signature-based misuse detection, where patterns of known malicious behaviour are stored in a database and compared against observed patterns at run-time [13]. This approach can lead to false negatives, as the signature base must be constantly updated in order to provide adequate protection against new attacks. The AIS method previously employed to achieve protection against breaches in computer security was the negative selection (NS) algorithm [7]
