Synapse : auto correlation and dynamic attack redirection in an immunologically-inspired IDS
Duncombe, David, Mohay, George M., & Clark, Andrew J. (2006) Synapse : auto correlation and dynamic attack redirection in an immunologically-inspired IDS. In Buyya, Rajkumar, Ma, Tianchi, Safavi-Naini, Rei, Steketee, Chris, & Susilo, Willy (Eds.) ACSW frontiers 2006 : proceedings of the Fourth Australasian Symposium on Grid Computing and e-Research (AusGrid 2006) and the Fourth Australasian Information Security Workshop (Network Security) (AISW 2006), Australian Computer Society, Hobart, pp. 135-144.
![[img]](http://eprints.qut.edu.au/style/images/fileicons/application_pdf.png)
Abstract
Intrusion detection systems (IDS) perform an important role in the provision of network security, providing real- time notification of attacks in progress. One promising category of IDS attempts to incorporate into its design properties found in the natural immune system. Although previous attempts to apply immunology to intrusion detection have considered the issue of accuracy, more work still needs to be done. We present an immunologically-inspired intrusion detection model in which the false positive rate is moderated through a process of event correlation between multiple sensors. In addition, the model offers a novel response mechanism. Previous research has flirted with a variety of response mechanisms, including those that are capable of tearing down connections, killing processes and dynamically updating firewall rules. Although such mechanisms may prevent or at least mitigate an attack before its full impact is achieved, they work against the collection of information for investigatory or evidence purposes. To overcome this limitation, a response strategy is proposed in which the attack is dynamically redirected to an isolated host deployed as a honeypot. In this way, it becomes possible to mitigate the effects of the attack while at the same time study the attack itself.
Citations:
Citation countsare sourced monthly from Scopus and Web of Science citation databases.
These databases contain citations from different subsets of available publications and different time periods and thus the citation count from each is usually different. Some works are not in either database and no count is displayed. Scopus includes citations from articles published in 1996 onwards, and Web of Science generally from 1980 onwards.
Citations counts from the Google Scholar™ indexing service can be viewed at the linked Google Scholar™ search.
Full-text downloads:
Full-text downloadsdisplays the total number of times this work’s files (e.g., a PDF) have been downloaded from QUT ePrints as well as the number of downloads in the previous 365 days. The count includes downloads for all files if a work has more than one.
| ID Code: | 20892 |
|---|---|
| Item Type: | Conference Paper |
| Keywords: | intrusion detection, alert correlation, immunological |
| ISBN: | 1920682368 |
| Subjects: | Australian and New Zealand Standard Research Classification > INFORMATION AND COMPUTING SCIENCES (080000) > COMPUTER SOFTWARE (080300) > Computer System Security (080303) |
| Divisions: | Past > QUT Faculties & Divisions > Faculty of Science and Technology Past > Institutes > Information Security Institute |
| Copyright Owner: | Copyright 2006 Australian Computer Society |
| Copyright Statement: | Reproduction for academic, not-for profit purposes permitted provided this text is included. |
| Deposited On: | 10 Jun 2009 14:20 |
| Last Modified: | 29 Feb 2012 23:18 |
Export: EndNote | Dublin Core | BibTeX
Repository Staff Only: item control page