Intrusion Detection and Prevention: Immunologically Inspired Approaches

by Devid Pipa

Abstract:

Computer security can be viewed as a process of discrimination between authorized
actions, legitimate users, etc, and intrusions such as viruses, trojans, etc. The
immune system of the human body has been performing such an action for a much longer
time and it is very likely that it has developed a set of techniques and mechanisms
that are, in comparison, a great deal better than the ones used in the current 
computer security systems. And it certainly has, as in the opposite case, the human
race would be extinguished by now.

The immune system of the human body is a collection of mechanisms and techniques that
offer an overall defense for the organism in a both distributed and localized manner. 
These are specific and non specific mechanisms. The specific ones offer a level of 
defense against one single type of threat, whereas the non specific ones have a more 
wide range. This is much like the defense mechanism in the information security 
world such as specific ones, through virus signatures and non specific ones such as 
firewalls and encryption mechanisms. The specific ones, are a good way of defense 
towards known and previously encountered attacks, for which a signature as been 
developed. These however have a difficulty in keeping up with the dynamically 
changing attacks. The non specific ones, do offer a good level of general defense,
however they are static. They form a preventive barrier in the prospect of intrusion 
and are not able to detect a currently ongoing intrusion.

The immune system offers levels of defense for the organism that are very dynamic.
They prevent known intrusions and are also able to dynamically adapt themselves in
order to detect ongoing ones. This latter concept is the one of interest to this
study. The idea of applying immunological principles to the systems of computer
security was introduced in 1994 by Jeffrey Kephart in the design for an immune system 
for computers and networks.