Immune-inspired Network Intrusion Detection System (i-NIDS)

M. Zubair Shafiq 1, Syed Ali Khayam 2, Muddassar Farooq 1

1 Next Generation Intelligent Networks Research Center, National University of Computer & Emerging Sciences, Islamabad, Pakistan, http://www.nexginrc.org
2 School of Electrical Engineering & Computer Sciences, National University of Sciences & Technology, Rawalpindi, Pakistan, http://wisnet.niit.edu.pk

GECCO HUMIES - 2008

Jan 04, 2016

Transcript
Page 1: Immune-inspired Network Intrusion Detection System  ( i -NIDS)

Immune-inspired Network Intrusion Detection System (i-NIDS)

M. Zubair Shafiq 1, Syed Ali Khayam 2, Muddassar Farooq 1

1 Next Generation Intelligent Networks Research Center, National University of Computer & Emerging Sciences, Islamabad, Pakistan, http://www.nexginrc.org

2 School of Electrical Engineering & Computer Sciences, National University of Sciences & Technology, Rawalpindi, Pakistan, http://wisnet.niit.edu.pk

GECCO HUMIES - 2008

Page 2: Immune-inspired Network Intrusion Detection System  ( i -NIDS)

Introduction

Simple Human competitive

Human^machine competitive

Page 3: Immune-inspired Network Intrusion Detection System  ( i -NIDS)

Unfortunately, most computer viruses are not so courteous!

Page 4: Immune-inspired Network Intrusion Detection System  ( i -NIDS)

Threat numbers show the story of what’s happening?

Page 5: Immune-inspired Network Intrusion Detection System  ( i -NIDS)

These are Commercial Software…

Page 6: Immune-inspired Network Intrusion Detection System  ( i -NIDS)

Motivation for current work

Page 7: Immune-inspired Network Intrusion Detection System  ( i -NIDS)

Network Traffic Stream

Intelligent Statistical Features
1. Memory of Markov Chain
2. Multi-resolution session rate
3. Entropy of IP address
4. Divergence of port distribution

Immune-inspired Network Intrusion Detection System

Adaptive Immune System / Innate Immune System
1. Negative Selection
2. Dendritic Cell Algorithm

Alarm Output

Page 8: Immune-inspired Network Intrusion Detection System  ( i -NIDS)

Human^machine Competitive Results

Category                                 Detector          TP rate (%)   FP rate (%)
Classical Bio-inspired Detector          Naïve RVNS        53.5          7.9
Classical Bio-inspired Detector          Naïve DCA         61.6          5.8
State-of-the-art Statistical Detector    Rate Limiting     84.4          1.4
State-of-the-art Statistical Detector    Maximum Entropy   83.1          4.2
Immune inspired NIDS                     i-RVNS            94.9          0.2
Immune inspired NIDS                     i-DCA             94.6          0.1

Page 9: Immune-inspired Network Intrusion Detection System  ( i -NIDS)

Engineered System

[Diagram: Network Protocol Stack (Client Machine)]

Components shown at each of the Application, Transport, Network and Datalink layers: PBTS, WBFC, BCM

Per-layer labels:
Application Layer: PBSP-App, Features-App
Transport Layer: PBSP-Trans, Features-Trans
Network Layer: PBSP-Net, Features-Net
Datalink Layer: PBSP-DL, Features-DL

Other labels at each layer: Traffic, Decision Feedback

Keys:
PBTS: Policy Based Traffic Sniffer
WBFC: Window Based Feature Computers
BCM: Binary Classifier Module

Complete version will be ready in 1 year time; free download

Patent pending

US$200,000 grant to develop the final product from the National ICT R&D fund, Government of Pakistan

Page 10: Immune-inspired Network Intrusion Detection System  ( i -NIDS)

Why the best? In a nutshell…

Page 11: Immune-inspired Network Intrusion Detection System  ( i -NIDS)

Publications

A Comparative Study of Fuzzy Inference Systems, Neural Networks and Adaptive Neuro Fuzzy Inference Systems for Portscan Detection

M. Zubair Shafiq, Muddassar Farooq and Syed Ali Khayam

In M. Giacobini et al. (Eds.), Proceedings of Applications of Evolutionary Computing, EvoWorkshops 2007 (EuroGP-EvoCoMnet), Volume 4974 of Lecture Notes in Computer Science, pp. 48–57, Springer Verlag, Napoli, Italy, March, 2008. (BEST PAPER NOMINATION)

Improving the Accuracy of Immune-inspired Malware Detectors by using Intelligent Features

M. Zubair Shafiq, Syed Ali Khayam and Muddassar Farooq

In Genetic and Evolutionary Conference (GECCO), July 2008, Atlanta, USA.

Page 12: Immune-inspired Network Intrusion Detection System  ( i -NIDS)
