Immunotronics - novel finite-state-machine architectures with built-in self-test using self-nonself differentiation

A novel approach to hardware fault tolerance is demonstrated that takes inspiration from the human immune system as a method of fault detection. The human immune system is a remarkable system of interacting cells and organs that protect the body from invasion and maintains reliable operation even in the presence of invading bacteria or viruses. This paper seeks to address the field of electronic hardware fault tolerance from an immunological perspective with the aim of showing how novel methods based upon the operation of the immune system can both complement and create new approaches to the development of fault detection mechanisms for reliable hardware systems. In particular, it is shown that by use of partial matching, as prevalent in biological systems, high fault coverage can be achieved with the added advantage of reducing memory requirements. The development of a generic finite-state-machine immunization procedure is discussed that allows any system that can be represented in such a manner to be "immunized" against the occurrence of faulty operation. This is demonstrated by the creation of an immunized decade counter that can detect the presence of faults in real tim

An anomaly-based intrusion detection system based on artificial immune system (AIS) techniques

Two of the major approaches to intrusion detection are anomaly-based detection and signature-based detection. Anomaly-based approaches have the potential for detecting zero-day and other new forms of attacks. Despite this capability, anomaly-based approaches are comparatively less widely used when compared to signature-based detection approaches. Higher computational overhead, higher false positive rates, and lower detection rates are the major reasons for the same. This research has tried to mitigate this problem by using techniques from an area called the Artificial Immune Systems (AIS). AIS is a collusion of immunology, computer science and engineering and tries to apply a number of techniques followed by the human immune system in the field of computing. An AIS-based technique called negative selection is used. Existing implementations of negative selection algorithms have a polynomial worst-case run time for classification, resulting in huge computational overhead and limited practicality. This research implements a theoretical concept and achieves linear classification time. The results from the implementation are compared with that of existing Intrusion Detection Systems

Detecção de elementos estranhos em modelos inspirados em imunologia

Mestrado em Engenharia FísicaNeste trabalho é apresentado um algoritmo para detecção de elementos estranhos (nonself) baseado no mecanismo de Frustração Celular. Este mecanismo apresenta uma nova abordagem às interacções celulares que ocorrem no sistema imunológico adaptativo. O conceito é o de que qualquer elemento estranho estabelecerá interacções menos frustradas do que os restantes elementos do sistema, podendo por isso, através do seu comportamento anómalo, ser detectado. O algoritmo proposto possui vantagens em relação aos sistemas imunológicos artificiais mais conhecidos. Entre elas está a possibilidade de obter detecção perfeita com um número reduzido de detectores. Nesta tese, analisa-se comparativamente este algoritmo com algoritmos de selecção negativa existentes na literatura.In this work an algorithm for nonself detection is presented, based on the Cellular Frustration mechanism. This mechanism presents a novel approach to cellular interactions occurring in the adaptive immune system. The concept is that any nonself element will establish less frustrated interactions than the remaining elements of the system, can thus, by its anomalous behaviour, be detected. The proposed algorithm has advantages over the most know artificial immune systems. Among the advantages there is the possibility to achieve perfect detection using a reduced number of detectors. In this thesis, this algorithm is analysed comparatively to negative selection algorithms that can be found in literature

A Self-Adaptive Evolutionary Negative Selection Approach for Anomaly Detection

Forrest et al. (1994; 1997) proposed a negative selection algorithm, also termed the exhaustive detector generating algorithm, for various anomaly detection problems. The negative selection algorithm was inspired by the thymic negative selection process that is intrinsic to natural immune systems, consisting of screening and deleting self-reactive T-cells, i.e., those T-cells that recognize self-cells. The negative selection algorithm takes considerable time (exponential to the size of the self-data) and produces redundant detectors. This time/size limitation motivated the development of different approaches to generate the set of candidate detectors. A reasonable way to find suitable parameter settings is to let an evolutionary algorithm determine the settings itself by using self-adaptive techniques. The objective of the research presented in this dissertation was to analyze, explain, and demonstrate that a novel evolutionary negative selection algorithm for anomaly detection (in non-stationary environments) can generate competent non redundant detectors with better computational time performance than the NSMutation algorithm when the mutation step size of the detectors is self-adapted

Efficient Algorithms for String-Based Negative Selection

Abstract. String-based negative selection is an immune-inspired classi-fication scheme: Given a self-set S of strings, generate a set D of detectors that do not match any element of S. Then, use these detectors to parti-tion a monitor set M into self and non-self elements. Implementations of this scheme are often impractical because they need exponential time in the size of S to construct D. Here, we consider r-chunk and r-contiguous detectors, two common implementations that suffer from this problem, and show that compressed representations of D are constructible in poly-nomial time for any given S and r. Since these representations can them-selves be used to classify the elements in M, the worst-case running time of r-chunk and r-contiguous detector based negative selection is reduced from exponential to polynomial.

An Artificial Immune System-Inspired Multiobjective Evolutionary Algorithm with Application to the Detection of Distributed Computer Network Intrusions

Today\u27s predominantly-employed signature-based intrusion detection systems are reactive in nature and storage-limited. Their operation depends upon catching an instance of an intrusion or virus after a potentially successful attack, performing post-mortem analysis on that instance and encoding it into a signature that is stored in its anomaly database. The time required to perform these tasks provides a window of vulnerability to DoD computer systems. Further, because of the current maximum size of an Internet Protocol-based message, the database would have to be able to maintain 25665535 possible signature combinations. In order to tighten this response cycle within storage constraints, this thesis presents an Artificial Immune System-inspired Multiobjective Evolutionary Algorithm intended to measure the vector of trade-off solutions among detectors with regard to two independent objectives: best classification fitness and optimal hypervolume size. Modeled in the spirit of the human biological immune system and intended to augment DoD network defense systems, our algorithm generates network traffic detectors that are dispersed throughout the network. These detectors promiscuously monitor network traffic for exact and variant abnormal system events, based on only the detector\u27s own data structure and the ID domain truth set, and respond heuristically. The application domain employed for testing was the MIT-DARPA 1999 intrusion detection data set, composed of 7.2 million packets of notional Air Force Base network traffic. Results show our proof-of-concept algorithm correctly classifies at best 86.48% of the normal and 99.9% of the abnormal events, attributed to a detector affinity threshold typically between 39-44%. Further, four of the 16 intrusion sequences were classified with a 0% false positive rate

An Intrusion Detection System for Fog Computing and IoT based Logistic Systems using a Smart Data Approach

The Internet of Things (IoT) is widely used in advanced logistic systems. Safety and security of such systems are utmost important to guarantee the quality of their services. However, such systems are vulnerable to cyber-attacks. Development of lightweight anomaly based intrusion detection systems (IDS) is one of the key measures to tackle this problem. In this paper, we present a new distributed and lightweight IDS based on an Artificial Immune System (AIS). The IDS is distributed in a three-layered IoT structure including the cloud, fog and edge layers. In the cloud layer, the IDS clusters primary network traffic and trains its detectors. In the fog layer, we take advantage of a smart data concept to analyze the intrusion alerts. In the edge layer, we deploy our detectors in edge devices. Smart data is a very promising approach for enabling lightweight and efficient intrusion detection, providing a path for detection of silent attacks such as botnet attacks in IoT-based systems. </p