Abstract
Artificial Immune Systems (AISs) are biologically inspired problem solvers that have been used successfully as intrusion detection systems (IDSs). This paper describes how the design of AIS-based IDSs can be improved through the use of evolutionary hackers in the form of GENERTIA red teams (GRTs) to discover holes (in the form of type II errors) found in the immune system. GENERTIA is an interactive tool for the design and analysis of immunity-based intrusion detection systems. Although the research presented in this paper focuses on AIS-based IDSs, the concept of GENERTIA and red teams can be applied to any IDS that uses machine learning techniques to develop models of normal and abnormal network traffic. In this paper we compare a genetic hacker with six evolutionary hackers based on particle swarm optimization (PSO). Our results show that genetic and swarm search are effective and complementary methods for vulnerability analysis. Our results also suggest that red teams based on genetic/PSO hybrids (which we refer to as Genetic Swarms) may hold some promise.
© 2004 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Dozier, G., Brown, D., Hurley, J., Cain, K. (2004). Vulnerability Analysis of Immunity-Based Intrusion Detection Systems Using Evolutionary Hackers. In: Deb, K. (eds) Genetic and Evolutionary Computation – GECCO 2004. GECCO 2004. Lecture Notes in Computer Science, vol 3102. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-24854-5_28
DOI: https://doi.org/10.1007/978-3-540-24854-5_28
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-22344-3
Online ISBN: 978-3-540-24854-5
eBook Packages: Springer Book Archive