Danger Theory: The Link between AIS and IDS?

  • Conference paper
Artificial Immune Systems (ICARIS 2003)

Part of the book series: Lecture Notes in Computer Science ((LNCS,volume 2787))

Abstract

We present ideas about creating a next generation Intrusion Detection System (IDS) based on the latest immunological theories. The central challenge with computer security is determining the difference between normal and potentially harmful activity. For half a century, developers have protected their systems by coding rules that identify and block specific events. However, the nature of current and future threats in conjunction with ever larger IT systems urgently requires the development of automated and adaptive defensive tools. A promising solution is emerging in the form of Artificial Immune Systems (AIS): The Human Immune System (HIS) can detect and defend against harmful and previously unseen invaders, so can we not build a similar Intrusion Detection System (IDS) for our computers? Presumably, those systems would then have the same beneficial properties as HIS like error tolerance, adaptation and self-monitoring. Current AIS have been successful on test systems, but the algorithms rely on self-nonself discrimination, as stipulated in classical immunology. However, immunologists are increasingly finding fault with traditional self-nonself thinking and a new ‘Danger Theory’ (DT) is emerging. This new theory suggests that the immune system reacts to threats based on the correlation of various (danger) signals and it provides a method of ‘grounding’ the immune response, i.e. linking it directly to the attacker. Little is currently understood of the precise nature and correlation of these signals and the theory is a topic of hot debate. It is the aim of this research to investigate this correlation and to translate the DT into the realms of computer security, thereby creating AIS that are no longer limited by self-nonself discrimination. It should be noted that we do not intend to defend this controversial theory per se, although as a deliverable this project will add to the body of knowledge in this area. Rather we are interested in its merits for scaling up AIS applications by overcoming self-nonself discrimination problems.

© 2003 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Aickelin, U., Bentley, P., Cayzer, S., Kim, J., McLeod, J. (2003). Danger Theory: The Link between AIS and IDS?. In: Timmis, J., Bentley, P.J., Hart, E. (eds) Artificial Immune Systems. ICARIS 2003. Lecture Notes in Computer Science, vol 2787. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-45192-1_15

  • DOI: https://doi.org/10.1007/978-3-540-45192-1_15

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-40766-9

  • Online ISBN: 978-3-540-45192-1

  • eBook Packages: Springer Book Archive
