Network threat detection utilizing adaptive and innate immune system metaphors
Thesis (Ph.D.)--University of Hawaii at Manoa, 2008. === The NetTRIIAD prototype demonstrates a reduction in false positive detections and an improvement in positive predictive value, compared to that of a conventional misuse-based intrusion detection system. The prototype also demonstrates the capa...
Main Author: | Fanelli, Robert L |
---|---|
Language: | en-US |
Published: | 2011 |
Online Access: | http://hdl.handle.net/10125/20512 |
id |
ndltd-UHAWAII-oai-scholarspace.manoa.hawaii.edu-10125-20512 |
---|---|
record_format |
oai_dc |
spelling |
ndltd-UHAWAII-oai-scholarspace.manoa.hawaii.edu-10125-20512 === 2013-01-08T11:15:33Z === Network threat detection utilizing adaptive and innate immune system metaphors === Fanelli, Robert L === Thesis (Ph.D.)--University of Hawaii at Manoa, 2008. === 2011-07-21T23:06:50Z === 2011-07-21T23:06:50Z === 2008 === Thesis === Text === 9780549600435 === http://hdl.handle.net/10125/20512 === en-US === Theses for the degree of Doctor of Philosophy (University of Hawaii at Manoa) no. 5024 === All UHM dissertations and theses are protected by copyright. They may be viewed from this source for any purpose, but reproduction or distribution in any format is prohibited without written permission from the copyright owner. |
collection |
NDLTD |
language |
en-US |
sources |
NDLTD |
description |
Thesis (Ph.D.)--University of Hawaii at Manoa, 2008. === The NetTRIIAD prototype demonstrates a reduction in false positive detections and an improvement in positive predictive value, compared to that of a conventional misuse-based intrusion detection system. The prototype also demonstrates the capacity to detect novel threats. These results support the thesis that the hybrid model can overcome some of the limitations of other intrusion detection approaches. This research points to the usefulness of immune-inspired approaches for problems in the domain of information system security, and represents a step toward providing an immune system for self-protecting information systems. === This dissertation investigates a hybrid model for network threat detection that combines artificial immune system approaches with conventional intrusion detection methods. The research thesis asserts that a model combining artificial immune system and conventional methods can overcome limitations seen in conventional intrusion detection methods, such as false positive detections and difficulty adapting to novel threats. The Network Threat Recognition with Immune Inspired Anomaly Detection (NetTRIIAD) model presented here incorporates conventional intrusion detection and status monitoring methods as input for an artificial immune system based on the immunological Danger Model. This work details implementation of a prototype NetTRIIAD system and experimentation on a series of intrusion detection scenarios including both known and newly created threats. === This dissertation makes several contributions to knowledge in the areas of artificial immune systems and information system security. This work presents a novel methodology for applying artificial immune system techniques to a complex information system security problem. It also presents a working model for integrating artificial immune systems and conventional approaches to network threat detection. 
A further contribution is to the body of knowledge concerning the relatively new field of Danger Model inspired artificial immune systems and its application to solving complex problems. === Includes bibliographical references (leaves 253-269). === Also available by subscription via World Wide Web === 268 leaves, bound 29 cm |
author |
Fanelli, Robert L |
title |
Network threat detection utilizing adaptive and innate immune system metaphors |
publishDate |
2011 |
url |
http://hdl.handle.net/10125/20512 |