Performance evaluation of an immunity-enhancing module for server applications

Abstract

This paper focuses on an artificial immunity-enhancing module designed to counter internet-based cyberattacks on high-availability servers. The module consists of innate and adaptive immune functions. The innate immune function detects known and unknown cyberattacks, whereas the adaptive immune function uses a random forest classifier to learn the cyberattack detected by the innate immune function. This paper proposes a new innate immune function that detects two DoS attacks not detected by our previous innate immune function. In addition, a mechanism to maintain learning data is added to the adaptive immune function. The performance of the module was evaluated using four types of attack. Its overall detection accuracy was found to be 87.3%, corresponding to true positive and true negative rates of 78.95% and 95.70%, respectively. Investigation of its detection accuracy for four types of attack showed that a single type of attack degraded the overall detection accuracy. The overheads of the innate and adaptive immune functions were 6% and 4%, respectively, and were little affected by the number of trees in a random forest classifier. The number of learning data required by the adaptive immune function to maintain its high detection accuracy against cyberattacks was approximately 900.