Biomedical Engineering Reference
networked use of computers and their resources. The major technical areas of
computer security are usually represented by the initials CIA: confidentiality, integrity,
and authentication or availability. Confidentiality means that information cannot
be accessed by unauthorized parties. Confidentiality is also known as secrecy or
privacy; breaches of confidentiality range from the embarrassing to the disastrous.
Integrity means that information is protected against unauthorized changes that are
not detectable to authorized users; many incidents of hacking compromise the
integrity of databases and other resources. Authentication means that users are
who they claim to be. Availability means that resources are accessible by authorized
parties; "denial of service" attacks, which are sometimes the topic of
national news, are attacks against availability. Other important concerns of computer
security professionals are access control and nonrepudiation. The main goal
of intrusion detection is to detect unauthorized use, misuse, and abuse of computer
systems by both system insiders and external intruders. Among automated
intrusion detection systems (IDSs), a particular system for network intrusion
detection, known as a network-based IDS, monitors any number of hosts on a
network by scrutinizing the audit trails of multiple hosts and network traffic. It
usually comprises two main components: an anomaly detector and a misuse
detector [1, 2]. The anomaly detector establishes the profiles of normal activities of
users, systems, system resources, network traffic, and/or services and detects
intrusions by identifying significant deviations from the normal behavior patterns
observed from profiles. The misuse detector defines suspicious misuse signatures
based on known system vulnerabilities and a security policy. This component
checks whether these misuse signatures are present in the audit trails.
Currently, many network-based IDSs have been developed using diverse
approaches. Nevertheless, unresolved problems remain in building an
effective network-based IDS [3]. As one approach to solving
these problems, previous work [4] identified a set of general requirements for a
successful network-based IDS and three design goals to satisfy these requirements:
being distributed, self-organizing, and lightweight. In addition, [5] introduced a
number of remarkable features of human immune systems (HISs) that satisfy these
three design goals. It is anticipated that the adoption of these features should help
the construction of an effective network-based IDS [6]. This chapter proposes the
use of negative selection and niching of artificial immune systems (AISs) for
developing an effective network-based IDS. An overall artificial immune model for
network intrusion detection presented in [7] consists of three different evolutionary
stages: negative selection, clonal selection, and gene library evolution. Among
these stages, the first stage, negative selection, is investigated in this chapter. We
present a more efficient implementation of negative selection using a niching
feature of AISs [8].
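
The two IDS components described above, as an added example that is not from the chapter: a mean/standard-deviation profile stands in for the anomaly detector and regular expressions stand in for the misuse signatures. The users, audit-record layout, signature names and 3-sigma threshold are assumptions made for illustration, and the sample records are constructed.

```python
import re
from statistics import mean, pstdev

# Constructed training data: bytes sent per session during normal activity.
NORMAL = {"alice": [1200, 1350, 1100, 1280, 1320],
          "bob": [40000, 42000, 39500, 41000, 40500]}

# Hypothetical misuse signatures derived from a security policy (illustrative names).
SIGNATURES = {
    "passwd-file-read": re.compile(r"open\s+/etc/(passwd|shadow)"),
    "root-login-remote": re.compile(r"login\s+user=root\s+src=(?!127\.0\.0\.1)"),
}

def build_profiles(normal):
    """Anomaly detector, step 1: profile normal activity as (mean, std) per user."""
    return {user: (mean(v), pstdev(v)) for user, v in normal.items()}

def is_anomalous(profiles, user, value, k=3.0):
    """Step 2: flag a significant deviation from the profile.
    A user with no profile at all is treated as a deviation."""
    if user not in profiles:
        return True
    mu, sigma = profiles[user]
    return abs(value - mu) > k * max(sigma, 1.0)  # floor guards zero-variance profiles

def match_misuse(line):
    """Misuse detector: names of the signatures present in one audit-trail line."""
    return [name for name, rx in SIGNATURES.items() if rx.search(line)]

def inspect(profiles, record):
    """Run both components over one audit record: (user, bytes_sent, raw_line)."""
    user, sent, line = record
    alerts = [f"misuse:{name}" for name in match_misuse(line)]
    if is_anomalous(profiles, user, sent):
        alerts.append("anomaly:profile-deviation")
    return alerts

# Constructed audit records for the demonstration.
AUDIT = [
    ("alice", 1250, "login user=alice src=10.0.0.5"),
    ("alice", 98000, "copy /srv/reports to 10.0.0.9"),
    ("bob", 40800, "open /etc/shadow"),
    ("mallory", 500, "login user=root src=203.0.113.7"),
]

if __name__ == "__main__":
    profiles = build_profiles(NORMAL)
    for rec in AUDIT:
        print(rec[0], inspect(profiles, rec))
```

The second record is caught only by the anomaly detector and the third only by the misuse detector, which is why a network-based IDS carries both.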