Open AccessExtended thymus action for reducing false positives in ais based network intrusion detection systems
Author(s) -
Muhammad Shafiq,
Mehrin Kiani,
Bisma Hashmi,
Muddassar Farooq
Publication year - 2007
Publication title -
citeseer x (the pennsylvania state university)
Language(s) - English
Resource type - Conference proceedings
DOI - 10.1145/1276958.1276996
Subject(s) - false positive paradox , anomaly detection , intrusion detection system , computer science , denial of service attack , anomaly based intrusion detection system , network security , action (physics) , artificial intelligence , data mining , computer security , the internet , operating system , physics , quantum mechanics
One of the major problems faced by anomaly based Network Intrusion Detection (NID) systems is the high number of false positives. False positives refer to the false detection of normal behavior as malicious behavior. Artificial Immune Systems (AISs) also fall under the category of anomaly based-NID systems. AIS presented in this paper is as a victim-end filter, consisting of detectors distributed on the network, which distinguishes normal traffic from malicious traffic. In this work, we focus on TCP-SYN flood based Distributed Denial of Services (DDoS) attacks. Light Weight Intrusion Detection System (LISYS) provides the basic framework for AIS based NID systems. AISs normally utilize the negative selection algorithm in thymus action to tolerize the detectors to normal traffic so they may not detect normal traffic as malicious traffic. We propose and implement `extended thymus action' model to improve this characteristic of AIS. Results verify that our model significantly reduces false positives which is a major concern in anomaly-based NID systems.
Accelerating Research
Robert Robinson Avenue,
Oxford Science Park, Oxford
OX4 4GP, United Kingdom
Address
John Eccles HouseRobert Robinson Avenue,
Oxford Science Park, Oxford
OX4 4GP, United Kingdom