Host-based intrusion detection systems adapted from agent-based artificial immune systems

Agent-based artificial immune system (ABAIS) is adopted to intrusion detection system (IDS). An agent-based IDS (ABIDS) inspired by the danger theory of human immune system is proposed. Multiple agents are embedded to ABIDS, where agents coordinate one another to calculate mature context antigen val...

Full description

Saved in:
Bibliographic Details
Published in:Neurocomputing (Amsterdam) 2012-07, Vol.88, p.78-86
Main Author: Ou, Chung-Ming
Format: Article
Language:English
Subjects:
Agent
Antigens
Artificial immune system
Computer information security
Danger theory
Dendritic cell algorithm
Direct current
Human
Immune systems
Intrusion
Intrusion detection
Learning
Mathematical analysis
Citations: Items that this one cites
Items that cite this one
Online Access:Get full text
Tags: Add Tag
No Tags, Be the first to tag this record!
Description
Summary:Agent-based artificial immune system (ABAIS) is adopted to intrusion detection system (IDS). An agent-based IDS (ABIDS) inspired by the danger theory of human immune system is proposed. Multiple agents are embedded to ABIDS, where agents coordinate one another to calculate mature context antigen value (MCAV) and update activation threshold for security responses. The intelligence behind ABIDS is based on the danger theory and the functionalities of dendritic cells in human immune systems, while dendritic cells agents (DC agent) are emulated for innate immune subsystem and artificial T-cell agents (TC agent) are for adaptive immune subsystem. Antigens are profiles of system calls while corresponding behaviors are regarded as signals. This ABIDS is based on the dual detections of DC agents for signals and TC agents for antigens. ABAIS is an intelligent system with learning and memory capabilities. According to MCAVs, immune response to malicious behaviors is activated by either computer host or Security Operating Center. Accordingly, computer hosts met with malicious intrusions can be effectively detected by input signals and temporary output signals such as PAMP, danger and safe signals.
ISSN:0925-2312
1872-8286
DOI:10.1016/j.neucom.2011.07.031