Abstract
An intrusion detection system inspired by the human immune system is described: a custom artificial immune system that monitors a local area containing critical files in the operating system. The proposed mechanism scans the files and checks for possible malware-induced alterations in them, based on a negative selection algorithm. The system consists of two modules: a receptor generation unit, which generates receptors using an original method based on templates, and an anomaly detection unit. Anomalies detected in the files using previously generated receptors are reported to the user. The system has been implemented and experiments have been conducted to compare the effectiveness of the algorithms with that of a different receptor generation method, called the random receptor generation method. In a controlled testing environment, anomalies in the form of altered program code bytes were injected into the monitored programs. Real-world tests of this system have been performed regarding its performance and scalability. Experimental results are presented, evaluated in a comparative analysis, and some conclusions are drawn.