This Is Auburn: Electronic Theses and Dissertations

GENERTIA: A System for Vulnerability Analysis, Design and Redesign of Immunity-Based Anomaly Detection System

Date

2006-12-15

Author

Hou, Haiyu

Type of Degree

Dissertation

Department

Computer Science and Software Engineering

Abstract

The principles of immunology have been applied to the design and implementation of artificial systems and algorithms for solving a broad range of mathematical and engineering problems, resulting in a new computation paradigm termed an Artificial Immune System (AIS). This dissertation focuses on improving the performance of an AIS in its anomaly detection functionality. A typical AIS can be described as having three factors: 1) pattern and detector representations, 2) matching rules that decide the affinity between detectors and patterns, and 3) algorithms that describe the generation, death and regeneration of detectors. Traditional representations and matching rules have been shown to make an AIS suffer from a series of problems, including poor scalability. This dissertation proposes a constraint-based representation and the corresponding matching rules to address these problems.

This dissertation also proposes GENERTIA, a system that proactively improves the performance of an AIS by discovering and patching its vulnerabilities. GENERTIA consists of two subsystems: a red team and a blue team. The red team discovers the vulnerabilities in the AIS, and the blue team designs detectors to patch the discovered vulnerabilities. The two teams strengthen an AIS in an interactive and co-evolutionary fashion. GENERTIA is applied to an AIS-based intrusion detection system (IDS). Experiments show that GENERTIA can effectively increase the detection rate of the IDS with little increase in the false positive rate.

The GENERTIA blue team provides a novel approach to the generation of a compact and effective detector set. This leads to the proposal of an anomaly detection-based classification system. This classification system consists of multiple subsystems, each of which is an AIS that discriminates one class of patterns from the other classes. GENERTIA is also applied to the proposed classification system to improve its classification accuracy by improving the performance of its individual subsystems.