Extended thymus action for improving response of AIS based NID system against malicious traffic

4 Author(s)
Shafiq, M.Z. ; Nat. Univ. of Sci. & Technol., Rawalpindi ; Kiani, M. ; Hashmi, B. ; Farooq, M.

Artificial immune systems (AISs) are being increasingly utilized to develop network intrusion detection (NID) systems. The fundamental reason for their success in NID is their ability to learn the normal behavior of a network system and then differentiate it from anomalous behavior. As a result, they can detect a majority of innovative attacks. In comparison, classical signature-based systems fail to detect innovative attacks. Light Weight Intrusion Detection System (LISYS) provides the basic framework for AIS-based NID systems. This framework has been improved incrementally, including incorporation of thymus action, since it was first developed. In this paper, we have extended the basic thymus action model, which provides immature detectors with multiple chances to develop tolerization to normal. However, AIS is prone to successful attacks by malicious traffic which appears similar to the normal traffic. This results in a high number of false positives. In this paper, we present a mathematical model of malicious traffic for TCP-SYN flood based distributed denial of service (DDoS) attacks. This model is used to generate different sets of malicious traffic. These sets are used for performance comparison of the proposed extended thymus action with the simple thymus action model. The results of our experiments demonstrate that the extended model has significantly reduced the number of false positives.

Published in: Evolutionary Computation, 2007. CEC 2007. IEEE Congress on

Date of Conference: 25-28 Sept. 2007