Accession Number:

ADA415494

Title:

Using Sequence Analysis to Perform Application-Based Anomaly Detection Within an Artificial Immune System Framework

Descriptive Note:

Master's thesis

Corporate Author:

AIR FORCE INST OF TECH WRIGHT-PATTERSON AFB OH SCHOOL OF ENGINEERING AND MANAGEMENT

Personal Author(s):

Report Date:

2003-03-01

Pagination or Media Count:

96.0

Abstract:

The Air Force and other Department of Defense (DoD) computer systems typically rely on traditional signature-based network IDSs to detect various types of attempted or successful attacks. Signature-based methods are limited to detecting known attacks or similar variants; anomaly-based systems, by contrast, alert on behaviors previously unseen. The development of an effective anomaly-detecting, application-based IDS would increase the Air Force's ability to ward off attacks that are not detected by signature-based network IDSs, thus strengthening the layered defenses necessary to acquire and maintain safe, secure communication capability. This system follows the Artificial Immune System (AIS) framework, which relies on a sense of self, or normal system states, to determine potentially dangerous abnormalities (non-self). A method for anomaly detection is introduced in which self is defined by sequences of events that define an application's execution path. A set of antibodies that act as sequence detectors are developed and used to attempt to identify modified data within a synthetic test set.

Subject Categories:

  • Computer Systems Management and Standards

Distribution Statement:

APPROVED FOR PUBLIC RELEASE