Dendritic Cells for SYN Scan Detection
Artificial immune systems have previously been applied to the problem of intrusion detection. The aim of this research is to develop an intrusion detection system based on the function of Dendritic Cells (DCs). DCs are antigen presenting cells and key to the activation of the human immune system, be...
| Main Authors: | , |
|---|---|
| Format: | Conference or Workshop Item |
| Published: |
2007
|
| Online Access: | https://eprints.nottingham.ac.uk/594/ |
| _version_ | 1848790439694434304 |
|---|---|
| author | Greensmith, Julie Aickelin, Uwe |
| author_facet | Greensmith, Julie Aickelin, Uwe |
| author_sort | Greensmith, Julie |
| building | Nottingham Research Data Repository |
| collection | Online Access |
| description | Artificial immune systems have previously been applied to the problem of intrusion detection. The aim of this research is to develop an intrusion detection system based on the function of Dendritic Cells (DCs). DCs are antigen presenting cells and key to the activation of the human immune system, behaviour which has been abstracted to form the Dendritic Cell Algorithm (DCA). In algorithmic terms, individual DCs perform multi-sensor data fusion, asynchronously correlating the fused data signals with a secondary data stream. Aggregate output of a population of cells is analysed and forms the basis of an anomaly detection system. In this paper the DCA is applied to the detection of outgoing port scans using TCP SYN packets. Results show that detection can be achieved with the DCA, yet some false positives can be encountered when simultaneously scanning and using other network services. Suggestions are made for using adaptive signals to alleviate this uncovered problem. |
| first_indexed | 2025-11-14T18:12:38Z |
| format | Conference or Workshop Item |
| id | nottingham-594 |
| institution | University of Nottingham Malaysia Campus |
| institution_category | Local University |
| last_indexed | 2025-11-14T18:12:38Z |
| publishDate | 2007 |
| recordtype | eprints |
| repository_type | Digital Repository |
| spelling | nottingham-5942020-05-04T20:28:51Z https://eprints.nottingham.ac.uk/594/ Dendritic Cells for SYN Scan Detection Greensmith, Julie Aickelin, Uwe Artificial immune systems have previously been applied to the problem of intrusion detection. The aim of this research is to develop an intrusion detection system based on the function of Dendritic Cells (DCs). DCs are antigen presenting cells and key to the activation of the human immune system, behaviour which has been abstracted to form the Dendritic Cell Algorithm (DCA). In algorithmic terms, individual DCs perform multi-sensor data fusion, asynchronously correlating the fused data signals with a secondary data stream. Aggregate output of a population of cells is analysed and forms the basis of an anomaly detection system. In this paper the DCA is applied to the detection of outgoing port scans using TCP SYN packets. Results show that detection can be achieved with the DCA, yet some false positives can be encountered when simultaneously scanning and using other network services. Suggestions are made for using adaptive signals to alleviate this uncovered problem. 2007 Conference or Workshop Item PeerReviewed Greensmith, Julie and Aickelin, Uwe (2007) Dendritic Cells for SYN Scan Detection. In: Proceedings of the Genetic and Evolutionary Computation Conference (GECCO 2007). |
| spellingShingle | Greensmith, Julie Aickelin, Uwe Dendritic Cells for SYN Scan Detection |
| title | Dendritic Cells for SYN Scan Detection |
| title_full | Dendritic Cells for SYN Scan Detection |
| title_fullStr | Dendritic Cells for SYN Scan Detection |
| title_full_unstemmed | Dendritic Cells for SYN Scan Detection |
| title_short | Dendritic Cells for SYN Scan Detection |
| title_sort | dendritic cells for syn scan detection |
| url | https://eprints.nottingham.ac.uk/594/ |