An Immune Network Intrusion Detection System Utilising Correlation Context
Network Intrusion Detection Systems (NIDS) are computer systems which monitor a network with the aim of discerning malicious from benign activity on that network. While a wide range of approaches have met varying levels of success, most IDSs rely on having access to a database of known attack signat...
| Main Authors: | , |
|---|---|
| Format: | Conference or Workshop Item |
| Published: |
2006
|
| Online Access: | https://eprints.nottingham.ac.uk/599/ |
| _version_ | 1848790441137274880 |
|---|---|
| author | Tedesco, Gianni Aickelin, Uwe |
| author_facet | Tedesco, Gianni Aickelin, Uwe |
| author_sort | Tedesco, Gianni |
| building | Nottingham Research Data Repository |
| collection | Online Access |
| description | Network Intrusion Detection Systems (NIDS) are computer systems which monitor a network with the aim of discerning malicious from benign activity on that network. While a wide range of approaches have met varying levels of success, most IDSs rely on having access to a database of known attack signatures which are written by security experts. Nowadays, in order to solve problems with false positive alerts, correlation algorithms are used to add additional structure to sequences of IDS alerts. However, such techniques are of no help in discovering novel attacks or variations of known attacks, something the human immune system (HIS) is capable of doing in its own specialised domain. This paper presents a novel immune algorithm for application to the IDS problem. The goal is to discover packets containing novel variations of attacks covered by an existing signature base. |
| first_indexed | 2025-11-14T18:12:40Z |
| format | Conference or Workshop Item |
| id | nottingham-599 |
| institution | University of Nottingham Malaysia Campus |
| institution_category | Local University |
| last_indexed | 2025-11-14T18:12:40Z |
| publishDate | 2006 |
| recordtype | eprints |
| repository_type | Digital Repository |
| spelling | nottingham-5992020-05-04T20:30:19Z https://eprints.nottingham.ac.uk/599/ An Immune Network Intrusion Detection System Utilising Correlation Context Tedesco, Gianni Aickelin, Uwe Network Intrusion Detection Systems (NIDS) are computer systems which monitor a network with the aim of discerning malicious from benign activity on that network. While a wide range of approaches have met varying levels of success, most IDSs rely on having access to a database of known attack signatures which are written by security experts. Nowadays, in order to solve problems with false positive alerts, correlation algorithms are used to add additional structure to sequences of IDS alerts. However, such techniques are of no help in discovering novel attacks or variations of known attacks, something the human immune system (HIS) is capable of doing in its own specialised domain. This paper presents a novel immune algorithm for application to the IDS problem. The goal is to discover packets containing novel variations of attacks covered by an existing signature base. 2006 Conference or Workshop Item PeerReviewed Tedesco, Gianni and Aickelin, Uwe (2006) An Immune Network Intrusion Detection System Utilising Correlation Context. In: Proceedings of the Workshop on Artificial Immune Systems and Immume System Modelling (AISB 2006), Bristol, UK. |
| spellingShingle | Tedesco, Gianni Aickelin, Uwe An Immune Network Intrusion Detection System Utilising Correlation Context |
| title | An Immune Network Intrusion Detection System Utilising Correlation Context |
| title_full | An Immune Network Intrusion Detection System Utilising Correlation Context |
| title_fullStr | An Immune Network Intrusion Detection System Utilising Correlation Context |
| title_full_unstemmed | An Immune Network Intrusion Detection System Utilising Correlation Context |
| title_short | An Immune Network Intrusion Detection System Utilising Correlation Context |
| title_sort | immune network intrusion detection system utilising correlation context |
| url | https://eprints.nottingham.ac.uk/599/ |