Immune-inspired Network Intrusion Detection System (i-NIDS) 1 Next Generation Intelligent Networks Research Center National University of Computer & Emerging Sciences Islamabad, Pakistan M. Zubair Shafiq 1, Syed Ali Khayam 2, Muddassar Farooq 1 GECCO HUMIES School of Electrical Engineering & Computer Sciences National University of Sciences & Technology Rawalpindi, Pakistan
2 Introduction Simple Human competitive Human^ machine competitive
3 Unfortunately, most computer viruses are not so courteous!
4 Threat numbers show the story of what’s happening?
5 Signature matching!Size of signature database cannot scale!Inability to detect zero-day (novel) attacks! These are Commercial Software…
6 Motivation for current work A self-healing, self-defending and living artificial immune system Proactive defense against zero-day attacks Mapping concepts from A-life and evolution
7 Network Traffic Stream Intelligent Statistical Features 1.Memory of Markov Chain 2.Multi resolution session rate 3.Entropy of IP address 4.Divergence of port distribution Immune inspired Network Intrusion Detection System Alarm Output Adaptive Immune System/ Innate Immune System 1.Negative Selection 2.Dendritic Cell Algorithm
8 Human^ machine Competitive Results DetectorTP rate (%)FP rate (%) [Classical Bio-inspired Detector] Naïve RVNS [Classical Bio-inspired Detector] Naïve DCA [State-of-the-art Statistical Detector] Rate Limiting [State-of-the-art Statistical Detector] Maximum Entropy [Immune inspired NIDS] i-RVNS [Immune inspired NIDS] i-DCA
9 Engineered System Complete version will be ready in 1 year time; free download Patent pending US$200,000 grant to develop the final product from the National ICT R&D fund, Government of Pakistan
10 Why the best? In a nutshell… 1. Hard problem in hard domain; impossible for a human to solve 2. Evolved system better than human developed, commercial anti- virus software 3. Evolved system better than state-of-the-art statistical malware detectors 4. Hybrid of statistical-immune detectors; best of both worlds5. Engineered product; open-source initiative
11 Publications A Comparative Study of Fuzzy Inference Systems, Neural Networks and Adaptive Neuro Fuzzy Inference Systems for Portscan Detection M. Zubair Shafiq, Muddassar Farooq and Syed Ali Khayam In M. Giacobini et al.(Eds.), Proceedings of Applications of Evolutionary Computing, EvoWorkshops 2007 (EuroGP-EvoCoMnet), Volume 4974 of Lecture Notes in Computer Science, pp. 48–57, Springer Verlag, Napoli, Italy, March,2008. (BEST PAPER NOMINATION) Improving the Accuracy of Immune-inspired Malware Detectors by using Intelligent Features M. Zubair Shafiq, Syed Ali Khayam and Muddassar Farooq In Genetic and Evolutionary Conference (GECCO), July, 2008, Atlanta, USA.
12