Fig. 3. Contrived attack graph used for experimental purposes
Run #1 is performed on a quiescent network; run #2 is with background
traffic as described above.
Table 1. Accuracy of Algorithm with and without Background Traffic
Run   Total Packets   Ag Packets   Output Packets   FP Rate   FN Rate
#1    3,000           975          18               94%       0%
#2    18,000          8,000        30               96%       0%
The table shows that the packets of interest are extracted (e.g. 975 / 3000)
and that after further processing this is reduced to a mere handful of packets
(e.g. 18). Overall the detection rate is good, despite the high false positive rates
(e.g. 94%), which are inherent in the problem.
5 Conclusions and Future Work
In summation, a novel intrusion detection algorithm was presented, drawing on
theoretical models of innate immunity. The algorithm incorporates existing IDS
algorithms, but expands on their capability in a limited area: detection
of unknown (or 0-day) attacks which are based on other attacks that are
previously known to the IDS. The AIS neatly interfaces with the problem domain by
treating internal IDS data structures as an artificial tissue environment. Finally,
the algorithm was evaluated in terms of how accurately the novel variations can
be identified.