564 research outputs found

    Building a Computer Network Immune System


    BIOLOGICAL INSPIRED INTRUSION PREVENTION AND SELF-HEALING SYSTEM FOR CRITICAL SERVICES NETWORK

    With the explosive development of critical services network systems and the Internet, the need for network security systems has become even more critical with the enlargement of information technology in everyday life. Intrusion Prevention System (IPS) provides an in-line mechanism focused on identifying and blocking malicious network activity in real time. This thesis presents a new intrusion prevention and self-healing system (SH) for critical services network security. The design features of the proposed system are inspired by the human immune system, integrated with pattern recognition nonlinear classification algorithm and machine learning. Firstly, the current intrusion prevention systems, biological innate and adaptive immune systems, autonomic computing and self-healing mechanisms are studied and analyzed. The importance of intrusion prevention system recommends that artificial immune systems (AIS) should incorporate abstraction models from innate, adaptive immune system, pattern recognition, machine learning and self-healing mechanisms to present autonomous IPS system with fast and highly accurate detection and prevention performance and survivability for critical services network system. Secondly, specification language, system design, mathematical and computational models for IPS and SH system are established, which are based upon nonlinear classification, prevention predictability trust, analysis, self-adaptation and self-healing algorithms. Finally, the validation of the system is carried out by simulation tests, measuring, benchmarking and comparative studies. New benchmarking metrics for detection capabilities, prevention predictability trust and self-healing reliability are introduced as contributions for the IPS and SH system measuring and validation.
Using the software system, design theories, AIS features, new nonlinear classification algorithm, and self-healing system show how the use of presented systems can ensure safety for critical services networks and heal the damage caused by intrusion. This autonomous system improves the performance of the current intrusion prevention system and carries on system continuity by using self-healing mechanism

    DEVELOPMENT OF SECUREPLUS ANTIVIRUS WITH THE ARTIFICIAL IMMUNE SYSTEM MODEL

    This paper is about Malware proliferation in the wild and the development of an Antivirus called Secure Plus. Malware is a generic name for malfunctioned program codes that could wreak destructive impacts on Information Technology critical infrastructures. These malware usually use various techniques to avoid being detected; usually they are encrypted using hybridized cryptographic algorithms. Malware may be detected using antivirus that can scan the database signatures already accumulated and stored by antivirus vendors in some server. These stored databases signatures can then be compared with zero-day malware through comparison with the benign software. The zero-day malware are of sophisticated program codes that can transmute into different transforming patterns; yet retain their portent functionalities attributes and are now of billion categories by diverse clones. This paper, after overviewing the literatures on ground (and they are of large numerical numbers), attempts to make its contribution to the design and development of Antivirus that can detect those zero-day or metamorphic malware. This proposed Antivirus being developed is christened Secure Plus that applies the heuristic Artificial Immune System Algorithm for the design and development. The tested experimental outputs are provided as proof of the Secure Plus effectual functionality worthy of application but need further works through to detect malware proactively

    From Intrusion Detection to Attacker Attribution: A Comprehensive Survey of Unsupervised Methods

    Over the last five years there has been an increase in the frequency and diversity of network attacks. This holds true, as more and more organisations admit compromises on a daily basis. Many misuse and anomaly based Intrusion Detection Systems (IDSs) that rely on either signatures, supervised or statistical methods have been proposed in the literature, but their trustworthiness is debatable. Moreover, as this work uncovers, the current IDSs are based on obsolete attack classes that do not reflect the current attack trends. For these reasons, this paper provides a comprehensive overview of unsupervised and hybrid methods for intrusion detection, discussing their potential in the domain. We also present and highlight the importance of feature engineering techniques that have been proposed for intrusion detection. Furthermore, we discuss that current IDSs should evolve from simple detection to correlation and attribution. We descant how IDS data could be used to reconstruct and correlate attacks to identify attackers, with the use of advanced data analytics techniques. Finally, we argue how the present IDS attack classes can be extended to match the modern attacks and propose three new classes regarding the outgoing network communicatio

    An evolutionary computing model for the study of within-host evolution

    Evolution of an individual within another individual is known as within-host dynamics (WHD). The most common modeling technique to study WHD involves ordinary differential equations (ODEs). In the field of biology, models of this kind assume, for example, that both the number of viruses and the number of mouse cells susceptible to being infected change according to their interaction as stated in the ODE model. However, viruses can undergo mutations and, consequently, evolve inside the mouse, whereas the mouse, in turn, displays evolutionary mechanisms through its immune system (e.g., clonal selection), defending against the invading virus. In this work, as the main novelty, we propose an evolutionary WHD model simulating the coexistence of an evolving invader within a host. In addition, instead of using ODEs we developed an alternative methodology consisting of the hybridization of a genetic algorithm with an artificial immune system. Aside from the model, interest in biology, and its potential clinical use, the proposed WHD model may be useful in those cases where the invader exhibits evolutionary changes, for instance, in the design of anti-virus software, intrusion detection algorithms in a corporation’s computer systems, etc. The model successfully simulates two intruder detection paradigms (i.e., humoral detection, danger detection) in which the intruder represents an evolving invader or guest (e.g., virus, computer program) that infects a host (e.g., mouse, computer memory). The obtained results open up the possibility of simulating environments in which two entities (guest versus host) compete evolutionarily with each other when occupying the same space (e.g., organ cells, computer memory, network

    Modeling the Artificial Immune System to the Human Immune System with the Use of Agents

    The purpose of this study is to provide a model and a work frame to approximate the artificial immune system to the human immune system with the use of agents to counter malicious software (malware). The artificial immune system components are commercial off-the-shelf products that are managed by the agent that coordinates and synchronizes their activity. The behavior of the agent is a simulation of the B-cells in the Human Immune System in the encapsulation, analysis and digestion of the antigen. The proposed architecture can be implemented in almost certainty based on the use of the commercial off-the-shelf products (COTS). The agent can be constructed to perform the required functionality with the help of the sandbox tools that provide the encapsulation. Anomaly detectors provide the knowledge of any process' action that is considered abnormal, hence, a possible malware. The Antivirus applications provide the digestion of the antigen, where known malware is handled directly, while unknown malware is analyzed by signature extraction, then handled by the antivirus. Other components such as intrusion detection (ID) applications perform the defenses at the entrances to the system (communication channels) and the firewall applications provide the prevention of the spread of the antigen and quarantining it in the infected node. The implementation of the model will provide a parallel self-healing system against antigens alongside the applications and hardware self-healing systems. Computer Science Departmen

    Computer Immunodeficiency: Analogy between Computer Security and HIV

    Current security systems are designed to prevent foreseeable attacks. Those security systems do not prevent effectively the more emergent types of attacks, like a botnet, whose presence and behavior is difficult to predict. In order to predominate those types of attacks, we advocate an adaptive security approach based on the animal immune system. But since those sophisticated attacks can also be directed at the security systems themselves, leading to computer immunodeficiency, like HIV, in this paper we propose a protocol that protects the immune system itself. This approach discriminates between attacks on the security systems, which are part of the computer immune system, and attacks on other vital computer systems in an information infrastructure