Title: Adopting the Danger Model for Anomaly Detection to address existing theoretical and practical limitations on detection-effectiveness


Abstract:

  The human immune system (HIS) is responsible for protecting the human body against harmful infections, by the identification of infectious foreign bodies (pathogens) from the cells of the body. The HIS goal is essentially that of eliminating pathogens by the result of an immune system reaction and avoiding auto-immune system reaction via immune system tolerance to the self cells. Anomaly intrusion detection is based on the discrimination between normal and malicious behavior within a computer system in order to be able to detect intrusions stemming from novel security attacks. Early attempts toward designing anomaly detection seem to be bounded by scalability, false positive and lack of autonomy issues. In contrast, the HIS seems to be able to solve a similar problem to that of anomaly detection, in an efficient and autonomous manner.

  In this report, the nature of anomaly detection as well as the associated limitations are investigated. Once the anomaly detection problem is well defined, a review of immune detection models based on inspiration from the human immune is carried out. These anomaly detection schemes are based on an Artificial Immune System (AIS) and employ metaphors from the three models of the human immune system: Negative Selection, Idiotypic Networks and the Danger Theory. This review is carried out from an intrusion detection point of view, concluding with an analysis of a possible way forward in terms of researching an optimized anomaly detection design.