Abstract:
Artificial Immune System (AIS) is a promising computational intelligence system inspired by biological immunity. It is a growing area of research that attempts to bridge the divide between immunology and engineering, exploiting the mechanisms of the natural immune system, including its functions, principles and models, in order to develop problem-solving techniques. AIS offers a great diversity of problem-solving techniques and is gaining increasing interest among researchers every day due to its powerful and diverse set of characteristics, such as self-organisation, robustness, parallel distribution, feature extraction, diversity, learning, memory and adaptivity.
For decades, computer and network security systems have faced the challenge of determining the difference between normal and potentially harmful activities. However, the nature of current and future threats, in conjunction with ever larger and more complicated IT systems, urgently requires the development of automated and adaptive defensive tools. A promising solution is emerging in the form of hybrid security systems using biologically inspired computing, in particular artificial immune systems, which are inspired by the detection and protection capabilities of the biological immune system.
Inspired by the many excellent characteristics of the biological immune system, more and more computer security researchers are integrating biological immune mechanisms into network detection technologies. The network intrusion detection system (IDS) based on artificial immune systems has become one of the focus areas of intelligent research and has achieved many good results in recent studies.
The main contribution of this thesis is the work in progress to design and construct a hybrid intelligent multi-layered defence framework inspired by the main AIS detection characteristics, including its strong ability to deal with known and unknown attacks. The second major contribution of this project is the use of a fuzzy expert system to simulate the innate immune system response, motivated by its low solution cost for complex problems and its ability to translate uncertain expert knowledge into a decision-making process quickly.
The proposed framework is composed of two main layers that use totally different strategies of detection and protection: the innate and the adaptive network defence components. The innate layer, the first layer of defence, is designed and implemented using a fuzzy logic expert system; the adaptive layer, the second layer, is designed using the main immune system algorithms, i.e. the immune network algorithm, the clonal selection algorithm and the negative selection algorithm.
Results show that the innate component is able to deal with about 80% of the traffic, with a false positive rate of 1.7% and a detection rate of about 97.79%, so the second layer only has to deal with about 20% of the traffic; this reduces the overhead of the adaptive layer and of the whole system. The results obtained from the adaptive layer after the co-stimulation check are excellent, with a false positive rate of only 0.78%.
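The hand-off between the two layers can be illustrated as follows; this is an added example, not code from the thesis. The two features, the fuzzy rules, the radii and the sample points are all constructed assumptions, and the adaptive layer shows only negative selection, with candidate detectors taken from a fixed grid rather than generated at random so the run is reproducible.

```python
import math

# Constructed "self" set: normal traffic as (conn_rate, error_rate), both
# normalised to [0, 1]. Feature names and all thresholds are assumptions.
SELF = [(0.10, 0.10), (0.20, 0.10), (0.15, 0.20), (0.30, 0.20), (0.25, 0.15)]
R_SELF, R_DETECT = 0.15, 0.08   # censoring radius, detector match radius

def low(x):
    """Fuzzy membership in 'low': 1 at 0, falling to 0 at 0.4."""
    return max(0.0, 1.0 - x / 0.4)

def high(x):
    """Fuzzy membership in 'high': 0 up to 0.6, rising to 1 at 1.0."""
    return max(0.0, min(1.0, (x - 0.6) / 0.4))

def innate(sample):
    """Layer 1: two fuzzy rules, AND taken as min. Decides only clear cases."""
    rate, err = sample
    if min(high(rate), high(err)) >= 0.5:   # IF rate high AND errors high
        return "attack"
    if min(low(rate), low(err)) >= 0.5:     # IF rate low AND errors low
        return "normal"
    return "uncertain"                      # left for the adaptive layer

def train_detectors(self_set, step=0.1):
    """Negative selection: keep candidates that match no self sample."""
    n = round(1 / step)
    grid = [(i / n, j / n) for i in range(n + 1) for j in range(n + 1)]
    return [d for d in grid
            if all(math.dist(d, s) > R_SELF for s in self_set)]

def adaptive(sample, detectors):
    """Layer 2: a sample matched by any detector is non-self."""
    hit = any(math.dist(sample, d) <= R_DETECT for d in detectors)
    return "attack" if hit else "normal"

def classify(sample, detectors):
    """Return (verdict, layer that produced it)."""
    verdict = innate(sample)
    if verdict != "uncertain":
        return verdict, "innate"
    return adaptive(sample, detectors), "adaptive"

DETECTORS = train_detectors(SELF)

if __name__ == "__main__":
    for s in [(0.1, 0.1), (0.9, 0.95), (0.5, 0.5), (0.28, 0.22)]:
        print(s, classify(s, DETECTORS))
```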
This thesis also provides a detailed review of AIS research, focusing on the main frameworks that are considered milestones in AIS research history. It also provides suggestions, drawn from a deep study of different conceptual research works, on how this rich research area can be improved and reach the same importance and level as the other computational intelligence techniques.