14,548 research outputs found

    Toward Network-based DDoS Detection in Software-defined Networks

    To combat susceptibility of modern computing systems to cyberattack, identifying and disrupting malicious traffic without human intervention is essential. To accomplish this, three main tasks for an effective intrusion detection system have been identified: monitor network traffic, categorize and identify anomalous behavior in near real time, and take appropriate action against the identified threat. This system leverages distributed SDN architecture and the principles of Artificial Immune Systems and Self-Organizing Maps to build a network-based intrusion detection system capable of detecting and terminating DDoS attacks in progress

    Artificial Immune System with Genetic Algorithm for Host-based Intrusion Detection System

    ABSTRACT: Even as technology becomes more sophisticated, the threats also become more varied, especially in security. One widely developed approach to system and network security is the IDS (Intrusion Detection System). Intrusion detection systems have been developed in many ways, one of which applies the Artificial Immune System (AIS) algorithm, adapted from the human immune system. The idea of using AIS for IDS arises because an IDS is expected to detect anomalous intrusions or attacks that can harm the system, while AIS is adapted from the human immune system, which can detect and handle the viruses and bacteria that can harm the human body. This method is combined with the evolutionary processes of a genetic algorithm, such as crossover and mutation, to produce more optimal detectors. The system produces binary string rules that serve as detectors, which are expected to detect attacks on the system. Keywords: intrusion detection system, artificial immune system, genetic algorithm

    Experiments with Applying Artificial Immune System in Network Attack Detection

    The assurance of security within a network is difficult due to the variations of attacks. This research conducts various experiments to implement an Artificial Immune System based Intrusion Detection System to identify intrusions using the Negative Selection Algorithm. This research explores the implementation of an Artificial Immune System opposed to the industry standard of machine learning. Various experiments were conducted to identify a method to separate data to avoid false-positive results. The use of an Artificial Immune System requires a self and nonself classification to determine if an intrusion is present within the network. The results of an Artificial Immune System based Intrusion Detection System achieved high accuracy when the data records were separated by service. The Negative Selection Algorithm created a range and it provided detectors to determine if an intrusion was present based off of the threshold. The threshold is the number of detectors that must be triggered for the system to identify an intrusion. Many services were unusable as they did contain the requirement of both self and nonself data records, that did not overlap. The results were high accuracies in general for the remaining tested services

    Dendritic Cells for Anomaly Detection

    Artificial immune systems, more specifically the negative selection algorithm, have previously been applied to intrusion detection. The aim of this research is to develop an intrusion detection system based on a novel concept in immunology, the Danger Theory. Dendritic Cells (DCs) are antigen presenting cells and key to the activation of the human immune system. DCs perform the vital role of combining signals from the host tissue and correlate these signals with proteins known as antigens. In algorithmic terms, individual DCs perform multi-sensor data fusion based on time-windows. The whole population of DCs asynchronously correlates the fused signals with a secondary data stream. The behaviour of human DCs is abstracted to form the DC Algorithm (DCA), which is implemented using an immune inspired framework, libtissue. This system is used to detect context switching for a basic machine learning dataset and to detect outgoing portscans in real-time. Experimental results show a significant difference between an outgoing portscan and normal traffic. Comment: 8 pages, 10 tables, 4 figures, IEEE Congress on Evolutionary Computation (CEC2006), Vancouver, Canada

    An anomaly-based intrusion detection system based on artificial immune system (AIS) techniques

    Two of the major approaches to intrusion detection are anomaly-based detection and signature-based detection. Anomaly-based approaches have the potential for detecting zero-day and other new forms of attacks. Despite this capability, anomaly-based approaches are comparatively less widely used when compared to signature-based detection approaches. Higher computational overhead, higher false positive rates, and lower detection rates are the major reasons for the same. This research has tried to mitigate this problem by using techniques from an area called the Artificial Immune Systems (AIS). AIS is a collusion of immunology, computer science and engineering and tries to apply a number of techniques followed by the human immune system in the field of computing. An AIS-based technique called negative selection is used. Existing implementations of negative selection algorithms have a polynomial worst-case run time for classification, resulting in huge computational overhead and limited practicality. This research implements a theoretical concept and achieves linear classification time. The results from the implementation are compared with that of existing Intrusion Detection Systems

    BIOLOGICAL INSPIRED INTRUSION PREVENTION AND SELF-HEALING SYSTEM FOR CRITICAL SERVICES NETWORK

    With the explosive development of critical services network systems and the Internet, the need for network security systems has become even more critical with the expansion of information technology in everyday life. An Intrusion Prevention System (IPS) provides an in-line mechanism focused on identifying and blocking malicious network activity in real time. This thesis presents a new intrusion prevention and self-healing (SH) system for critical services network security. The design features of the proposed system are inspired by the human immune system, integrated with a pattern recognition nonlinear classification algorithm and machine learning. Firstly, the current intrusion prevention systems, biological innate and adaptive immune systems, autonomic computing and self-healing mechanisms are studied and analyzed. The importance of intrusion prevention systems recommends that artificial immune systems (AIS) should incorporate abstraction models from innate and adaptive immune systems, pattern recognition, machine learning and self-healing mechanisms to present an autonomous IPS with fast and highly accurate detection and prevention performance and survivability for critical services network systems. Secondly, the specification language, system design, and mathematical and computational models for the IPS and SH system are established, based upon nonlinear classification, prevention predictability trust, analysis, self-adaptation and self-healing algorithms. Finally, the validation of the system is carried out by simulation tests, measuring, benchmarking and comparative studies. New benchmarking metrics for detection capabilities, prevention predictability trust and self-healing reliability are introduced as contributions for measuring and validating the IPS and SH system. The software system, design theories, AIS features, new nonlinear classification algorithm, and self-healing system show how the use of the presented systems can ensure safety for critical services networks and heal the damage caused by intrusion. This autonomous system improves the performance of the current intrusion prevention system and maintains system continuity by using a self-healing mechanism

    Dendritic Cells for Anomaly Detection

    Artificial immune systems, more specifically the negative selection algorithm, have previously been applied to intrusion detection. The aim of this research is to develop an intrusion detection system based on a novel concept in immunology, the Danger Theory. Dendritic Cells (DCs) are antigen presenting cells and key to the activation of the human immune system. DCs perform the vital role of combining signals from the host tissue and correlate these signals with proteins known as antigens. In algorithmic terms, individual DCs perform multi-sensor data fusion based on time-windows. The whole population of DCs asynchronously correlates the fused signals with a secondary data stream. The behaviour of human DCs is abstracted to form the DC Algorithm (DCA), which is implemented using an immune inspired framework, libtissue. This system is used to detect context switching for a basic machine learning dataset and to detect outgoing portscans in real-time. Experimental results show a significant difference between an outgoing portscan and normal traffic