Computational Immunology for the Defense of Large Scale Systems
Abstract
This report describes the application of the computational immunology approach to distributed object systems. The hypothesis tested was that one could characterize normal behavior of the application itself in terms of inter-object messages, and use that characterization to successfully detect rogue client attacks on the application. The goals of the research were to test and demonstrate the feasibility of intrusion detection at the application level in distributed object systems. In particular, we worked with applications built on the Common Object Request Broker Architecture (CORBA). The report shows that the computational immunology approach reliably detects attacks on the Domain Name Server that seriously disrupt Internet service. The report analyzes the components required for a definition of "self" that is applicable to computer programs. The report also conducts experiments that show that a straightforward definition of "self" can detect rogue client attacks on CORBA systems. The project resulted in building a prototype system to aid in the analysis of experimental data and helped generate descriptions of normal application behavior. The prototype intrusion detection system for CORBA can be used with a broad class of definitions of "self".
Document Details
- Document Type: Technical Report
- Publication Date: Jul 01, 2002
- Accession Number: ADA407600
Entities
People
- Carla Marceau
- Matthew Stillerman
- Maureen Stiliman
- Stephanie Forrest