Synapse : auto correlation and dynamic attack redirection in an immunologically-inspired IDS

Duncombe, David, Mohay, George M., & Clark, Andrew J. (2006) Synapse : auto correlation and dynamic attack redirection in an immunologically-inspired IDS. In Buyya, Rajkumar, Ma, Tianchi, Safavi-Naini, Rei, Steketee, Chris, & Susilo, Willy (Eds.) ACSW frontiers 2006 : proceedings of the Fourth Australasian Symposium on Grid Computing and e-Research (AusGrid 2006) and the Fourth Australasian Information Security Workshop (Network Security) (AISW 2006), Australian Computer Society, Hobart, pp. 135-144.

View at publisher


Intrusion detection systems (IDS) perform an important role in the provision of network security, providing real- time notification of attacks in progress. One promising category of IDS attempts to incorporate into its design properties found in the natural immune system. Although previous attempts to apply immunology to intrusion detection have considered the issue of accuracy, more work still needs to be done. We present an immunologically-inspired intrusion detection model in which the false positive rate is moderated through a process of event correlation between multiple sensors. In addition, the model offers a novel response mechanism. Previous research has flirted with a variety of response mechanisms, including those that are capable of tearing down connections, killing processes and dynamically updating firewall rules. Although such mechanisms may prevent or at least mitigate an attack before its full impact is achieved, they work against the collection of information for investigatory or evidence purposes. To overcome this limitation, a response strategy is proposed in which the attack is dynamically redirected to an isolated host deployed as a honeypot. In this way, it becomes possible to mitigate the effects of the attack while at the same time study the attack itself.

Impact and interest:

1 citations in Scopus
Search Google Scholar™

Citation counts are sourced monthly from Scopus and Web of Science® citation databases.

These databases contain citations from different subsets of available publications and different time periods and thus the citation count from each is usually different. Some works are not in either database and no count is displayed. Scopus includes citations from articles published in 1996 onwards, and Web of Science® generally from 1980 onwards.

Citations counts from the Google Scholar™ indexing service can be viewed at the linked Google Scholar™ search.

Full-text downloads:

157 since deposited on 10 Jun 2009
2 in the past twelve months

Full-text downloads displays the total number of times this work’s files (e.g., a PDF) have been downloaded from QUT ePrints as well as the number of downloads in the previous 365 days. The count includes downloads for all files if a work has more than one.

ID Code: 20892
Item Type: Conference Paper
Refereed: Yes
Keywords: intrusion detection, alert correlation, immunological
ISBN: 1920682368
Subjects: Australian and New Zealand Standard Research Classification > INFORMATION AND COMPUTING SCIENCES (080000) > COMPUTER SOFTWARE (080300) > Computer System Security (080303)
Divisions: Past > QUT Faculties & Divisions > Faculty of Science and Technology
Past > Institutes > Information Security Institute
Copyright Owner: Copyright 2006 Australian Computer Society
Copyright Statement: Reproduction for academic, not-for profit purposes permitted provided this text is included.
Deposited On: 10 Jun 2009 04:20
Last Modified: 29 Feb 2012 13:18

Export: EndNote | Dublin Core | BibTeX

Repository Staff Only: item control page