Vulnerability Analysis of Immunity-Based Intrusion Detection Systems Using Evolutionary Hackers

  • Conference paper
Genetic and Evolutionary Computation – GECCO 2004 (GECCO 2004)

Part of the book series: Lecture Notes in Computer Science ((LNCS,volume 3102))

Abstract

Artificial Immune Systems (AISs) are biologically inspired problem solvers that have been used successfully as intrusion detection systems (IDSs). This paper describes how the design of AIS-based IDSs can be improved through the use of evolutionary hackers in the form of GENERTIA red teams (GRTs) to discover holes (in the form of type II errors) found in the immune system. GENERTIA is an interactive tool for the design and analysis of immunity-based intrusion detection systems. Although the research presented in this paper focuses on AIS-based IDSs, the concept of GENERTIA and red teams can be applied to any IDS that uses machine learning techniques to develop models of normal and abnormal network traffic. In this paper we compare a genetic hacker with six evolutionary hackers based on particle swarm optimization (PSO). Our results show that genetic and swarm search are effective and complementary methods for vulnerability analysis. Our results also suggest that red teams based on genetic/PSO hybrids (which we refer to as Genetic Swarms) may hold some promise.

Copyright information

© 2004 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Dozier, G., Brown, D., Hurley, J., Cain, K. (2004). Vulnerability Analysis of Immunity-Based Intrusion Detection Systems Using Evolutionary Hackers. In: Deb, K. (eds) Genetic and Evolutionary Computation – GECCO 2004. GECCO 2004. Lecture Notes in Computer Science, vol 3102. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-24854-5_28

  • DOI: https://doi.org/10.1007/978-3-540-24854-5_28

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-22344-3

  • Online ISBN: 978-3-540-24854-5

  • eBook Packages: Springer Book Archive
