Information Technology Reference
In-Depth Information
Signals
antigen
iDC
Seen
Unseen
Signals
Signals
smDC
mDC
Match antigen
Match antigen
nTC
nTC
If Match
If Match
aTC
nTC
Figure 7.7
Systematic overview of the TLR algorithm.
9. Migrated smDCs and mDCs present their antigen and try and match
nTCs.
10. If an mDC expresses an antigen that matches an nTC receptor, then this
turns the nTC into an activated T cell (aTC) and we have an anomaly.
11. If an smDC expresses an antigen that matches an nTC receptor, then this
kills the nTC to reduce false-positives.
12. Migrated smDCs and mDCs and killed nTCs are replaced with new cells as
per points 4 and 5 (Figure 7.7).
h ere are some similarities between the DCA and TLR algorithms; both perform a
type of temporal correlation between signals and an antigen. However, TLR defi nes
interactions between both T cells and DCs, which is more complex than the single
cell and multiple-signal model employed by the DCA.
Yeom (2007) extended a DT-based approach for network anomaly detection,
where input signals are combined with some information such as data length, name
or identifi cation (ID), or process/program service ID. Here, data is combined with
Search WWH ::
Custom Search