Abstract
We present ideas about creating a next generation Intrusion Detection System (IDS) based on the latest immunological theories. The central challenge with computer security is determining the difference between normal and potentially harmful activity. For half a century, developers have protected their systems by coding rules that identify and block specific events. However, the nature of current and future threats in conjunction with ever larger IT systems urgently requires the development of automated and adaptive defensive tools. A promising solution is emerging in the form of Artificial Immune Systems (AIS): the Human Immune System (HIS) can detect and defend against harmful and previously unseen invaders, so can we not build a similar Intrusion Detection System (IDS) for our computers? Presumably, those systems would then have the same beneficial properties as the HIS, such as error tolerance, adaptation and self-monitoring. Current AIS have been successful on test systems, but the algorithms rely on self-nonself discrimination, as stipulated in classical immunology. However, immunologists are increasingly finding fault with traditional self-nonself thinking and a new ‘Danger Theory’ (DT) is emerging. This new theory suggests that the immune system reacts to threats based on the correlation of various (danger) signals and it provides a method of ‘grounding’ the immune response, i.e. linking it directly to the attacker. Little is currently understood of the precise nature and correlation of these signals and the theory is a topic of hot debate. It is the aim of this research to investigate this correlation and to translate the DT into the realms of computer security, thereby creating AIS that are no longer limited by self-nonself discrimination. It should be noted that we do not intend to defend this controversial theory per se, although as a deliverable this project will add to the body of knowledge in this area. Rather, we are interested in its merits for scaling up AIS applications by overcoming self-nonself discrimination problems.
Copyright information
© 2003 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Aickelin, U., Bentley, P., Cayzer, S., Kim, J., McLeod, J. (2003). Danger Theory: The Link between AIS and IDS?. In: Timmis, J., Bentley, P.J., Hart, E. (eds) Artificial Immune Systems. ICARIS 2003. Lecture Notes in Computer Science, vol 2787. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-45192-1_15
DOI: https://doi.org/10.1007/978-3-540-45192-1_15
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-40766-9
Online ISBN: 978-3-540-45192-1
eBook Packages: Springer Book Archive