An Immune Inspired Network Intrusion Detection System Utilising Correlation Context
Gianni Tedesco, Uwe Aickelin
TL;DR
This paper introduces an immune-inspired algorithm for network intrusion detection that aims to identify novel attack variations beyond known signatures, enhancing detection capabilities.
Contribution
It presents a novel immune algorithm tailored for IDS to detect new attack variants, addressing limitations of signature-based systems.
Findings
Effective detection of attack variations
Reduced false positives
Enhanced adaptability to new threats
Abstract
Network Intrusion Detection Systems (NIDS) are computer systems which monitor a network with the aim of discerning malicious from benign activity on that network. While a wide range of approaches have met varying levels of success, most IDSs rely on having access to a database of known attack signatures which are written by security experts. Nowadays, in order to solve problems with false positive alerts, correlation algorithms are used to add additional structure to sequences of IDS alerts. However, such techniques are of no help in discovering novel attacks or variations of known attacks, something the human immune system (HIS) is capable of doing in its own specialised domain. This paper presents a novel immune algorithm for application to the IDS problem. The goal is to discover packets containing novel variations of attacks covered by an existing signature base.
Peer Reviews
No public reviews on file for this paper yet. If you reviewed it on a platform where reviews are public (OpenReview, ICLR, NeurIPS, ICML), you can paste yours below so the community can read it here.
Videos
No videos yet. Explain this paper in a talk, walkthrough, or lecture? Add one.