This Is Auburn - Electronic Theses and Dissertations


Enhancing Host Based Intrusion Detection Systems with Danger Theory of Artificial Immune Systems


Metadata

Field | Value | Language
dc.contributor.advisor | Hamilton, John |
dc.contributor.advisor | Biaz, Saad | en_US
dc.contributor.advisor | Chapman, Richard | en_US
dc.contributor.advisor | Yilmaz, Levent | en_US
dc.contributor.author | Amer, Suhair | en_US
dc.date.accessioned | 2009-02-23T15:55:52Z |
dc.date.available | 2009-02-23T15:55:52Z |
dc.date.issued | 2008-05-15 | en_US
dc.identifier.uri | http://hdl.handle.net/10415/1512 |
dc.description.abstract | Rather than discriminating activity by whether it belongs to self or non-self, danger theory extends the discrimination to distinguish non-self but harmless from self but harmful. Danger theory states that the system responds not only to foreignness (non-self) but to danger signals. In this dissertation, three methods performing host-based anomaly intrusion detection that use trails of system calls have been implemented and investigated. One system (the lookahead-pairs method based IDS) was then enhanced by incorporating danger theory mechanisms into its original design. The research consisted of two stages. In the first stage, three intrusion detection systems (IDSs) were implemented based on the following methods: the sequence-profile method, the lookahead-pairs method, and the overlap-relationship method. All systems were unable to detect the system-call denial-of-service attack, and the lookahead-pairs method had the smallest storage requirements. In the second stage, the lookahead-pairs method based IDS was enhanced with functionalities of the danger theory. The original lookahead-pairs method based IDS can only detect intrusions resulting from mismatch instances. In addition to detecting mismatches, the enhanced system considers the danger signals resulting from high CPU and memory usage while in detection mode. Parameters corresponding to danger signals can easily be modified or added to our system. The lookahead-pairs method based IDS enhanced with danger theory had a better detection rate, false positive rate and false negative rate. Both systems finished their detection stage in less than one second. Furthermore, when the lookahead-pairs method based IDS is enhanced only with the iDC functionality, it does not incur any significant additional storage cost. However, if the B cell functionality is added, the storage cost doubles. The systems were tested against the databases obtained from the University of New Mexico, specifically the datasets of both the 'login' and 'ps' applications. In addition, different test cases were created to test the functionalities of the modified system. The implemented systems were also validated and verified and passed these tests. | en_US
dc.language.iso | en_US | en_US
dc.rights | EMBARGO_NOT_AUBURN | en_US
dc.subject | Computer Science and Software Engineering | en_US
dc.title | Enhancing Host Based Intrusion Detection Systems with Danger Theory of Artificial Immune Systems | en_US
dc.type | Dissertation | en_US
dc.embargo.length | MONTHS_WITHHELD:36 | en_US
dc.embargo.status | EMBARGOED | en_US
dc.embargo.enddate | 2012-02-23 | en_US
