ISM-AC: an immune security model based on alert correlation and software-defined networking


Full description

Bibliographic details
Published in: International Journal of Information Security, 2022-04, Vol. 21 (2), pp. 191-205
Main authors: Melo, Roberto Vasconcelos; de Macedo, Douglas D. J.; Kreutz, Diego; De Benedictis, Alessandra; Fiorenza, Mauricio Martinuzzi
Format: Article
Language: English
Description
Abstract: Anomaly-based detection techniques have a high number of false positives, which degrades detection performance. To address this issue, we propose a distributed intrusion detection system, named ISM-AC, based on anomaly detection using an artificial immune system and attack graph correlation. To analyze network traffic, we use negative selection, clonal selection, and immune network algorithms to implement an agent-based detection system. ISM-AC leverages the programmability of software-defined networking to reduce the false positive rate. Our findings show that ISM-AC achieves better detection performance for the denial of service, user to root, remote to local, and probe attack classes. Alert correlation plays a key role in this achievement.
ISSN: 1615-5262 (print), 1615-5270 (online)
DOI: 10.1007/s10207-021-00550-x