Danger theory and intrusion detection

possibilities and limitations of the analogy

M. Vella, M. Roper, S. Terzis

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution book

8 Citations (Scopus)

Abstract

Metaphors derived from Danger Theory, a hypothesized model of how the human immune system works, have been applied to the intrusion detection domain. The major contribution in this area is the dendritic cell algorithm (DCA). This paper presents an in-depth analysis of results obtained from two previous experiments, regarding the suitability of the danger theory analogy in constructing intrusion detection systems for web applications. These detectors would be capable of detecting novel attacks while improving on the limitations of anomaly-based intrusion detectors. In particular, this analysis investigates which aspects of this analogy are suitable for this purpose, and which aspects of the analogy are counterproductive if utilized in the way originally suggested by danger theory. Several suggestions are given for those aspects of danger theory that are identified to require modification, indicating the possibility of further pursuing this approach. These modifications could be realized in terms of developing a robust signal selection schema and a suitable correlation algorithm. This would allow for an intrusion detection approach that has the potential to overcome those limitations presently associated with existing techniques.
Original language: English
Title of host publication: Artificial Immune Systems
Subtitle of host publication: Proceedings of the 9th International Conference, ICARIS 2010
Editors: Emma Hart, Chris McEwan, Jon Timmis, Andy Hone
Publisher: Springer
Pages: 276-289
Number of pages: 14
ISBN (Print): 978-3-642-14546-9
DOIs: https://doi.org/10.1007/978-3-642-14547-6_22
Publication status: Published - 2010
Event: 9th International Conference, ICARIS 2010 - Edinburgh, United Kingdom
Duration: 26 Jul 2010 to 29 Jul 2010

Publication series

Name: Lecture Notes in Computer Science
Publisher: Springer
Volume: 6209

Conference

Conference: 9th International Conference, ICARIS 2010
Country: United Kingdom
City: Edinburgh
Period: 26/07/10 to 29/07/10

Fingerprint

Intrusion detection
Detectors
Immune system
Experiments

Keywords

  • intrusion detection
  • danger theory
  • artificial immune systems

Cite this

Vella, M., Roper, M., & Terzis, S. (2010). Danger theory and intrusion detection: possibilities and limitations of the analogy. In E. Hart, C. McEwan, J. Timmis, & A. Hone (Eds.), Artificial Immune Systems: Proceedings of the 9th International Conference, ICARIS 2010 (pp. 276-289). (Lecture Notes in Computer Science; Vol. 6209). Springer. https://doi.org/10.1007/978-3-642-14547-6_22