Using Sequence Analysis to Perform Application-Based Anomaly Detection Within an Artificial Immune System Framework

Abstract

The Air Force and other Department of Defense (DoD) computer systems typically rely on traditional signature-based network IDSs to detect various types of attempted or successful attacks. Signature-based methods are limited to detecting known attacks or close variants; anomaly-based systems, by contrast, alert on behavior not seen before. The development of an effective anomaly-detecting, application-based IDS would increase the Air Force's ability to ward off attacks that signature-based network IDSs miss, thus strengthening the layered defenses necessary to acquire and maintain a safe, secure communication capability. The system follows the Artificial Immune System (AIS) framework, which relies on a sense of "self", the set of normal system states, to identify potentially dangerous abnormalities ("non-self"). A method for anomaly detection is introduced in which "self" is defined by the sequences of events that make up an application's execution path. A set of antibodies that act as sequence "detectors" is developed and used to attempt to identify modified data within a synthetic test set.
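The abstract's "self" defined by event sequences and "antibodies" acting as sequence detectors is the negative-selection scheme of Forrest et al.: normal traces are summarized as the set of fixed-length windows they contain, candidate detectors that match any normal window are censored, and the survivors are run over monitored traces. The block below is an added illustration of that scheme, not code from the report. It assumes a hypothetical eight-symbol event alphabet, constructed normal and suspect traces, windows of length 4 and r-contiguous matching with r = 3; the report's own event source, window length, matching rule and detector-generation procedure are not given on this page.

```python
"""Sequence-based "self"/"non-self" anomaly detection by negative selection.

Added illustration, not code from the report. An application's normal
execution is summarised as the set of length-L windows (n-grams) that occur
in its event traces ("self"). Detectors are candidate windows that fail to
match any self window under r-contiguous matching; a monitored trace raises
an alert wherever one of its windows matches a detector.
"""
from itertools import product
from typing import Dict, Iterable, List, Optional, Sequence, Set, Tuple

Window = Tuple[str, ...]

# Hypothetical event alphabet; real traces would carry the application's own
# event or system-call names.
ALPHABET = ("open", "read", "write", "close", "mmap", "exec", "socket", "connect")
L = 4  # window length
R = 3  # r-contiguous matching threshold (r <= L)


def windows(trace: Sequence[str], length: int = L) -> List[Window]:
    """All sliding windows of the given length over a trace."""
    return [tuple(trace[i:i + length]) for i in range(len(trace) - length + 1)]


def r_contiguous_match(a: Window, b: Window, r: int = R) -> bool:
    """True when a and b agree on at least r consecutive positions."""
    run = 0
    for x, y in zip(a, b):
        run = run + 1 if x == y else 0
        if run >= r:
            return True
    return False


def build_self(normal_traces: Iterable[Sequence[str]]) -> Set[Window]:
    """'Self' is every window observed in the normal traces."""
    self_set: Set[Window] = set()
    for trace in normal_traces:
        self_set.update(windows(trace))
    return self_set


def generate_detectors(self_set: Set[Window],
                       candidates: Optional[Iterable[Window]] = None) -> List[Window]:
    """Negative selection: keep only candidates that match no self window.

    With the small alphabet here every possible window is enumerated, which
    makes the detector set deterministic. With a realistic alphabet one draws
    candidates at random instead, accepting coverage 'holes' (non-self
    windows that no detector happens to match).
    """
    if candidates is None:
        candidates = product(ALPHABET, repeat=L)
    return [c for c in candidates
            if not any(r_contiguous_match(c, s) for s in self_set)]


def detect(trace: Sequence[str], detectors: List[Window]) -> List[Tuple[int, Window]]:
    """Offsets and windows of the trace that some detector matches."""
    hits = []
    for offset, w in enumerate(windows(trace)):
        if any(r_contiguous_match(w, d) for d in detectors):
            hits.append((offset, w))
    return hits


# Constructed normal traces: a copy loop and a mapped-file read.
NORMAL_TRACES = [
    ["open", "read", "write", "read", "write", "close"],
    ["open", "mmap", "read", "close"],
]
SELF = build_self(NORMAL_TRACES)
DETECTORS = generate_detectors(SELF)

# Constructed suspect trace: the copy loop is diverted into an exec.
SUSPECT_TRACE = ["open", "read", "write", "read", "exec", "close"]


def demo() -> Dict[str, object]:
    """Summary a practitioner would look at first."""
    return {
        "self_windows": len(SELF),
        "detectors": len(DETECTORS),
        "normal_alerts": detect(NORMAL_TRACES[0], DETECTORS),
        "suspect_alerts": detect(SUSPECT_TRACE, DETECTORS),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(key, value)
```

Run as a script it prints the self-set size, the detector count, no alerts for the normal trace, and alerts at offsets 1 and 2 of the suspect trace: the window starting at offset 0 is itself a self window, the window at offset 1 differs from self only in its last position and is caught by a detector that matches its last three positions, and the window at offset 2 contains the foreign `exec` in the middle and is a detector outright. Because matching is symmetric and detectors are censored against every self window, a trace made only of self windows can never raise an alert; false positives in practice come from normal behavior that was absent from the training traces, not from the matching rule.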


Document Details

Document Type
Technical Report
Publication Date
Mar 01, 2003
Accession Number
ADA415494

Entities

People

  • Larissa A. O'Brien

Organizations

  • Air Force Institute of Technology

Tags

Communities of Interest

  • Cyber
  • Energy and Power Technologies
  • Sensors
  • Weapons Technologies

DTIC Thesaurus Topics

  • Air Force
  • Computer Programming
  • Computer Programs
  • Computer Science
  • Computers
  • Cybersecurity
  • Detection
  • Detectors
  • Experimental Design
  • Genetics
  • Information Systems
  • Intrusion Detection
  • Intrusion Detection Systems
  • Intrusion Detectors
  • Machine Learning
  • Operating Systems
  • Software Development

Fields of Study

  • Computer science

Readers

  • Cybersecurity
  • Neural Network Machine Learning