Title
An approach to intrusion detection by means of idiotypic networks paradigm
Abstract
In this paper we present a novel intrusion detection architecture based on Idiotypic Network Theory (INIDIS), that aims at dealing with large scale network attacks featuring variable properties, like Denial of Service (DoS). The proposed architecture performs dynamic and adaptive clustering of the network traffic for taking fast and effective countermeasures against such high-volume attacks. INIDIS is evaluated on the MIT'99 dataset and outperforms previous approaches for DoS detection applied to this set.

I. INTRODUCTION

Intrusion Detection (ID) plays a vital role in the process of securing network-based computer systems by analyzing communications and reporting on malicious or abnormal activity. On the one hand, the process of ID has to deal with the large computational cost due to the volume of data produced by high-speed networks, and on the other hand with the constant evolution and development of intrusion methods and tools, making intrusions more stealthy and effective. The methods of defence against intrusions are also getting more and more sophisticated in this multi-objective "weapon race" between attackers and defenders. Nature-inspired algorithms offer robustness, speed and adaptability features that seem appealing from the point of view of intrusion detection systems.

source of information about correct and malicious behavior is taken directly from the defended systems. First, a model of the proper system behavior is constructed, based on observation of certain system parameters during regular activities. Then, the monitoring process is performed by verifying the communication processes against the constructed model. Any deviation implies anomalous behavior, thus a potential intrusion. This type of IDS allows detection of previously unknown attacks, since every malicious activity falling outside the model of normal behavior produces alerts; however, it brings up issues related to model updates due to changes of behavior over time and in system configuration.
Additionally, the model needs to be constructed without the presence of any attack so that it fully reflects the accepted behavior, which requires a completely isolated network environment.
Year: 2008
DOI: 10.1109/CEC.2008.4631077
Venue: Evolutionary Computation, 2008. CEC 2008.
Keywords: computer network management, pattern clustering, security of data, telecommunication security, adaptive clustering, denial of service, dynamic clustering, idiotypic network theory, idiotypic networks paradigm, intrusion detection architecture, large scale network attacks, network traffic
Field: Artificial immune system, Architecture, Denial-of-service attack, Computer science, Server, Network theory, Cluster analysis, Intrusion detection system, Distributed computing, Metaheuristic
DocType: Conference
ISBN: 978-1-4244-1823-7
Citations: 0
PageRank: 0.34
References: 5
Authors: 3

Authors (Name, Order, Citations, PageRank):
Marek Ostaszewski1297.04
Pascal Bouvry283.32
Franciszek Seredynski336655.06