Integrating Innate and Adaptive Immunity for Intrusion Detection
Gianni Tedesco, Jamie Twycross, Uwe Aickelin

TL;DR
This paper proposes a novel immune-inspired algorithm for intrusion detection that aims to identify new attack variations beyond known signatures, enhancing detection capabilities by mimicking the human immune system.
Contribution
It introduces an immune algorithm that detects novel attack variations, addressing limitations of signature-based IDS and improving detection of unknown threats.
Findings
Successfully identifies variations of known attacks
Reduces false positives in intrusion detection
Enhances detection of novel attack patterns
Abstract
Network Intrusion Detection Systems (NIDS) monitor a network with the aim of discerning malicious from benign activity on that network. While a wide range of approaches have met varying levels of success, most IDSs rely on having access to a database of known attack signatures which are written by security experts. Nowadays, in order to solve problems with false positive alerts, correlation algorithms are used to add additional structure to sequences of IDS alerts. However, such techniques are of no help in discovering novel attacks or variations of known attacks, something the human immune system (HIS) is capable of doing in its own specialised domain. This paper presents a novel immune algorithm for application to an intrusion detection problem. The goal is to discover packets containing novel variations of attacks covered by an existing signature base.
