DOCSLIB.ORG

University of Hawa1'1 Ubra~Y

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text
University of Hawa1'1 Ubra~Y UNIVERSITY OF HAWA1'1 UBRA~Y NETWORK THREAT DETECTION UTILIZING ADAPTIVE AND INNATE IMMUNE SYSTEM METAPHORS A DISSERTATION SUBMITTED TO THE GRADUATE DIVISION OF THE UNIVERSITY OF HAW AI 1 IN PARTIAL FULFILLMENT OF THE REQUIREMENTS FOR THE DEGREE OF DOCTOR OF PHILOSOPHY IN COMPUTER SCIENCE MAY 2008 By Robert L. Fanelli Dissertation Committee: Kimberly Binsted, Chairperson Edoardo Biagioni David Chin WesJey Peterson Raymond Panko We certify that we have read this dissertation and that, in our opinion, it is satisfactory in scope and quality as a dissertation for the degree of Doctor of Philosophy in Computer Science. DISSERTATION COMMITTEE ~ ~ Chairperson , i Dedication To Lisa, Anne and John. the true Precious. ii Acknowledgements My thanks go to my advisor, Kim Binsted, for her guidance and support throughout the dissertation process. Thanks also go to my committee members, Edo Biagioni, David Chin, Wes Peterson and Ray Panko for their valuable time, sage advice and keen eyes. I'd like to acknowledge the support of the United States Anny in providing the opportunity to pursue this research. Thanks also go to the International Infonnation Systems Security Certification Consortium, (ISC)2, for their support in the conduct of this research. Finally, heartfelt thanks go to my family for their unwavering support and for putting up with distractedness, irritability, missed weekends and all the other features of life in the computer dungeon. The views expressed in this document are those of the author and do not necessarily reflect the official policy or position of the United States Anny, the Department of Defense or the U.S. Government. iii Abstract This dissertation investigates a hybrid model for network threat detection that combines artificial immune system approaches with conventional intrusion detection methods. The research thesis asserts that a model combining artificial immune system and conventional methods can overcome limitations seen in conventional intrusion detection methods, such as false positive detections and difficulty adapting to novel threats. The Network Threat Recognition with Immune Inspired Anomaly Detection (NetTRIIAD) model presented here incorporates conventional intrusion detection and status monitoring methods as input for an artificial immune system based on the immunological Danger Model. This work details implementation of a prototype NetTRIIAD system and experimentation on a series of intrusion detection scenarios including both known and newly created threats. This dissertation makes several contributions to knowledge in the areas of artificial immune systems and information system security. This work presents a novel methodology for applying artificial immune system techniques to a complex information system security problem. It also presents a working model for integrating artificial immune systems and conventional approaches to network threat detection. A further contribution is to the body of knowledge concerning the relatively new field of Danger Model inspired artificial immune systems and its application to solving complex problems. iv The NetTRIIAD prototype demonstrates a reduction in false positive detections and an improvement in positive predictive value, compared to that of a conventional misuse­ based intrusion detection system. The prototype also demonstrates the capacity to detect novel threats. These results support the thesis that the hybrid model can overcome some of the limitations of other intrusion detection approaches. This research points to the usefulness of immune-inspired approaches for problems in the domain of information system security, and represents a step toward providing an immune system for self­ protecting information systems. v Table of Contents Acknowledgements ............................................................................................................ iii Abstract.. ............................................................................................................................ iv List of Tables ..........................................................................................•............•........• xviii List of Figures .................................................................................................................. xix Chapter I Introduction .•.........•............•............................................................................... 1 1.1 Motivation ................................................................................................................. 1 1.2 Research Thesis .....................................................................•......•....••.........•.......•... 3 1.3 Research Goals ...................................••..........•.........•............................................... 3 1.4 Contributions of this Research ...........•............••.......••............................................... 5 1.5 Organization of the Dissertation ............................................................................... 7 Chapter 2 Review of the Literature and Related Work ...................................................... 9 2.1 Introduction ............................................................................................................... 9 2.2 Threat Detection ....................................................................................................... 9 2.2.1 Introduction to Information System Security ......•••.....................•................... 10 2.2.2 Intrusion Detection Systems ....................................................................••...... 11 2.2.3 Intrusion Detection System Models ................................................................. 11 2.2.3.1 Scope ......................................................................................................... 12 2.2.3.2 System Architectures ..................•••........••...........•..................................... 13 2.2.3.3 Misuse Detection ..................................••...........•...................................... 14 2.2.3.4 Anomaly Detection .....................•.........•................................................... 15 2.2.4 Intrusion Detection System Background ......................................................... 18 vi 2.3 The Natural Immune System .................................................................................. 20 2.3.1 The Innate and Adaptive Immune Systems ..................................................... 21 2.3.2 Receptors, Antigens, and Antibodies ............................................................... 23 2.3.3 Self - NonselfDiscrimination ......................................................................... 25 2.3.4 Immune System Components .......................................................................... 25 2.3.4.1 Lymphatic Cells ........................................................................................ 26 2.3.4.2 Antigen Presenting Cells........................................................................... 27 2.3.5 Immune Reactions ........................................................................................... 28 2.3.5.1 T Cell Development and Selection ........................................................... 28 2.3.5.2 T Cell Activation ....................................................................................... 30 2.3.5.3 B Cell Development .................................................................................. 31 2.3.5.4 B Cell Activation ...................................................................................... 31 2.3.5.5 Affinity Maturation ................................................................................... 32 2.3.5 Immune Memol)', Primal)' and Secondal)' Response ...................................... 34 2.3.6 The Danger Model ........................................................................................... 35 2.3.7 Computational Characteristics of the Natural Immune System ....................... 38 2.3.7.1 Pattern Recognition Capability .•............................................................... 38 2.3.7.2 Learning Capability .................................................................................. 39 2.3.7.3 Information Storage Capability.............•................................................... 39 2.3.7.4 Comparison to the Nervous System .......................................................... 40 2.3.8 Conclusion ....................................................................................................... 40 2.4 Artificial Immune Systems ..................................................................................... 41 vii 2.4.1 Artificial Immune System Introduction ........................................................... 41 2.4.1.1 Useful Features Gained from the Immune inspiration ............................. 42 2.4.1.2 The Origins of Artificial Immune Systems ............................................... 43 2.4.1.3 Elements of Artificial Immune Systems ................................................... 44 2.4.2 Artificial Immune System Representation Methods ........................................ 45 2.4.2.1 Antigens and Antibodies .....•..........••........••.....................•......................... 45 2.4.2.2 The Self - NonselfModel .•.................................•..•.................................. 46 2.4.2.3 Shape Spaces ...........................................................................................
Load more

Recommended publications
  • Agent Based System for Realtime Database Audit Monitoring
    UNIVERSITY OF NAIROBI SCHOOL OF COMPUTING AND INFORMATICS AGENT BASED SYSTEM FOR REALTIME DATABASE AUDIT MONITORING BY BONIFACE AKUKU P58/73079/2009 SUPERVISOR MR. CHRISTOPHER MOTURI August 2011 A research report submitted in partial fulfillment for the requirements of Master of Science in Computer Science University of NAIROBI Library 0439225 4 Table of Contents Table of Contents........................................................................................................................................ „... ii Abstract............................................................................................................................................................. iii Dedication......................................................................................................................................................... iv Acknowledgement..............................................................................................................................................v Declaration........................................................................................................................................................ vi Abbreviations...................................................................................................................................................vii List of Tables...................................................................................................................................................viii List of Figures...................................................................................................................................................ix
    [Show full text]
  • Negative Database for Data Security
    Negative Database for Data Security Anup Patel Niveeta Sharma Magdalini Eirinaki Computer Engineering Department San Jose State University [email protected], [email protected], [email protected] Abstract high database security levels. This framework is a collection of some algorithms that manipulate the input Data Security is a major issue in any web-based data and store it in the database. This populated database application. There have been approaches to handle is referred to as the negative database. A negative intruders in any system, however, these approaches are database can be defined as a database that contains huge not fully trustable; evidently data is not totally protected. amount of data which consists of counterfeit data along Real world databases have information that needs to be with the actual data. A few approaches that describe this securely stored. The approach of generating negative concept have been proposed but have not yet been database could help solve such problem. A Negative implemented to work for real world databases [5]. All Database can be defined as a database that contains the proposed algorithms had issues related to the huge amount of data consisting of counterfeit data along reversibility of the data, converting back to the original with the real data. Intruders may be able to get access to form from the negative representations [3] and the fact is such databases, but, as they try to extract information, that they have not yet been implemented. [2, 4]. they will retrieve data sets that would include both the Contrary to previous work, the proposed framework actual and the negative data.
    [Show full text]
  • Security Implementation on EAV Model Using Negative Database and Shuffling
    Pooja Vartak. Int. Journal of Engineering Research and Application www.ijera.com ISSN: 2248-9622, Vol. 7, Issue 8, (Part -6) August 2017, pp.56-60 RESEARCH ARTICLE OPEN ACCESS Security Implementation on EAV model using Negative database and Shuffling. Pooja Vartak*, Prof. Amarja Adgaonkar** *(Department of Computer Engineering, L R Tiwari College of Engineering, Mumbai University, India ** (Department of Computer Engineering, K C College of Engineering and Technology, Thane Mumbai University, India Corresponding Author: Pooja Vartak ABSTRACT This Paper presents an improvised security mechanism for EAV (Entity Attribute Value) data model. EAV data model for data storage has been used in various information systems now days as it gives an advantage of data flexibility and addition and modification of new data without changing the physical database schema. In EAV (Entity Attribute Value) model uses only three columns to store the data where first column stores entity, second column stores attribute and third column stores the value of the attribute for particular entity and single generic table is used to the data. As data security and database flexibility is important in this paper we are proposing security mechanism for existing databases using concept of negative database and shuffling. Keywords: EAV Model, Negative Database, Information Security, Shuffling. -------------------------------------------------------------------------------------------------------------------------------------- Date of Submission: 11-08-2017 Date of acceptance:
    [Show full text]
  • Self-Protection Against Insider Threats in DBMS Through Policies Implementation
    (IJACSA) International Journal of Advanced Computer Science and Applications, Vol. 8, No. 3, 2017 Self-Protection against Insider Threats in DBMS through Policies Implementation Farukh Zaman, Basit Raza Ahmad Kamran Malik, Adeel Anjum Department of Computer Science Department of Computer Science COMSATS Institute of Information Technology COMSATS Institute of Information Technology Islamabad, Pakistan Islamabad, Pakistan Abstract—In today’s world, information security of an Firewall, network traffic monitoring, enforcing password organization has become a major challenge as well as a critical mechanism and penetration testing [4]. However, it’s difficult business issue. Managing and mitigating these internal or to monitor insider’s intent. According to CERT survey, more external security related issues, organizations hire highly than 700 cases were caused by the insider threats [6]. To knowledgeable security expert persons. Insider threats in protect against these threats database should have some extra database management system (DBMS) are inherently a very hard features of Autonomic Computing like self-protection. We problem to address. Employees within the organization carry out first provide an introduction to Autonomic computing and its or harm organization data in a professional manner. To protect components. and monitor organization information from insider user in DBMS, the organization used different techniques, but these Autonomic computing has the ability to self-manage its techniques are insufficient to secure their data.
    [Show full text]
  • Leveraging Positive and Negative Representations of Information
    Leveraging Positive and Negative Representations of Information by Eric Delarosa Trias B.S., Computer Science, University of California, Davis, 1988 M.S., Computer Engineering, Air Force Institute of Technology, 2002 DISSERTATION Submitted in Partial Fulfillment of the Requirements for the Degree of Doctor of Philosophy Computer Science The University of New Mexico Albuquerque, New Mexico December, 2008 c 2008, Eric Delarosa Trias iii Dedication Sa aking pamilia, mga kaibigan at guro na tumulong para ako’y magtagumpay. iv Acknowledgments First and foremost, I thank God for his countless blessings and for giving me the strength to persevere. I also know that I couldn’t have done this without the support of my wife and children. They sacrificed much for me to finish. I was fortunate to have dedicated collaborators who were essential to this research. I would like to thank Fernando Esponda for his help and inspiration. To Elena S. Ackley, your enthusiasm and hard work gave life to our research. To Jorge Navas, your partnership was invaluable to this work. I heartily acknowledge Prof. Stephanie Forrest, my advisor and dissertation chair, for her guidance and encouragement. I also thank my committee members, Prof. Greg Heileman, Prof. Terran Lane, and Prof. Jedidiah Crandall. Finally, I thank the U.S. Air Force and the Air Force Institute of Technology for providing this fellowship opportunity. The views expressed in this article are those of the author and do not reflect the official policy or position of the United States Air Force, Department
    [Show full text]
  • Adding Belief Annotations to Databases
    Believe It or Not: Adding Belief Annotations to Databases Wolfgang Gatterbauer, Magdalena Balazinska, Nodira Khoussainova, and Dan Suciu Department of Computer Science and Engineering, University of Washington, Seattle, WA, USA fgatter, magda, nodira, [email protected] ABSTRACT As the community accumulates knowledge and the data- We propose a database model that allows users to anno- base content evolves over time, it may contain conflict- tate data with belief statements. Our motivation comes ing information and members may disagree on the in- from scientific database applications where a commu- formation it should store. Relational database man- nity of users is working together to assemble, revise, agement systems (DBMSs) today can help these com- and curate a shared data repository. As the commu- munities manage their shared data, but provide limited nity accumulates knowledge and the database content support for managing conflicting facts and conflicting evolves over time, it may contain conflicting informa- opinions about the correctness of the stored data. tion and members can disagree on the information it The recent concept of database annotations aims to should store. For example, Alice may believe that a tu- address this need: annotations are commonly seen as su- ple should be in the database, whereas Bob disagrees. perimposed information that helps to explain, correct, He may also insert the reason why he thinks Alice be- or refute base information [36] without actually chang- lieves the tuple should be in the database, and explain ing it. Annotations have been recognized by scientists as what he thinks the correct tuple should be instead. an essential feature for new generation database man- We propose a formal model for Belief Databases that agement systems [4, 8, 18], and efficient management interprets users' annotations as belief statements.
    [Show full text]
  • Adding Belief Annotations to Databases
    Believe It or Not: Adding Belief Annotations to Databases Wolfgang Gatterbauer, Magdalena Balazinska, Nodira Khoussainova, and Dan Suciu Department of Computer Science and Engineering, University of Washington, Seattle, WA, USA fgatter, magda, nodira, [email protected] ABSTRACT As the community accumulates knowledge and the data- We propose a database model that allows users to anno- base content evolves over time, it may contain conflict- tate data with belief statements. Our motivation comes ing information and members may disagree on the in- from scientific database applications where a commu- formation it should store. Relational database man- nity of users is working together to assemble, revise, agement systems (DBMSs) today can help these com- and curate a shared data repository. As the commu- munities manage their shared data, but provide limited nity accumulates knowledge and the database content support for managing conflicting facts and conflicting evolves over time, it may contain conflicting informa- opinions about the correctness of the stored data. tion and members can disagree on the information it The recent concept of database annotations aims to should store. For example, Alice may believe that a tu- address this need: annotations are commonly seen as su- ple should be in the database, whereas Bob disagrees. perimposed information that helps to explain, correct, He may also insert the reason why he thinks Alice be- or refute base information [36] without actually chang- lieves the tuple should be in the database, and explain ing it. Annotations have been recognized by scientists as what he thinks the correct tuple should be instead. an essential feature for new generation database man- We propose a formal model for Belief Databases that agement systems [4, 8, 19], and efficient management interprets users' annotations as belief statements.
    [Show full text]
  • Negative Representations of Information
    Negative Representations of Information by Carlos Fernando Esponda Darlington B.S., Instituto Tecnol´ogico Aut´onomo de M´exico, 1995 DISSERTATION Submitted in Partial Fulfillment of the Requirements for the Degree of Doctor of Philosophy Computer Science The University of New Mexico Albuquerque, New Mexico December 2005 c 2005, Carlos Fernando Esponda Darlington iii Dedication Para mi Luciernaga preciosa. iv Acknowledgments I would like to thank my Dad, Mom and Sister; Mom, Dad and Sister; Sister, Mom and Dad; Mom, Sister and Dad; Dad, Sister and Mom; Sister, Dad and Mom in no particular order and with all my heart. I want to thank and acknowledge Stephanie Forrest mentor, collaborator and friend, Paul Helman who taught me a lot and whose input made this work robust, and Elena Ackley for helping me make it real. Throughout the years the people at the adaptive computation laboratory have listened and provided input, in particular Todd Kaplan, Dennis Chao, Anil Somayaji, Matt Glickman, Josh Karlin, Rob Abbott, Ken Ingham, Hajime Inoue, Gabriela Barrantes, Haixia Jia, Justin Balthrop and Ryan Gerety. Terran Lane, professor and committee member continually poses challenges that enrich my research (thanks). I thank Nitant Kenkre for being in my committee and providing a different perspective on things. My friends Gerardo, Horacio, Vladimir, Todd, Dennis, Lucinda and Alejandro (Barru) have provided input and support that is impossible to quantify. My sisters Le, Gaby, Susi and Flor have been my strong advocates and have always helped me along the way. In particular, I want to thank Gaby and Xavier for always making my trips back home pleasurable.
    [Show full text]
  • U Niversal I Ntegration a Rchitecture for H
    U NIVERSAL I NTEGRATION A RCHITECTURE FOR H ETEROGENEOUS D ATASOURCES AND O PTIMISATION M ETHODS UNIWERSALNA ARCHITEKTURA INTEGRACYJNA DLA HETEROGENICZNYCH ZRÓDEŁ´ DANYCH I METOD OPTYMALIZACJI THIS DISSERTATION IS SUBMITTED FOR THE DEGREE OF Doctor of Philosophy BY MICHAŁ CHROMIAK FACULTY OF MATHEMATICS, PHYSICS AND COMPUTER SCIENCE, Maria Curie-Skłodowska University, Lublin ADVISOR: prof. dr hab. Krzysztof Stencel INSTITUTEOF FUNDAMENTAL TECHNOLOGICAL RESEARCH, POLISH ACADEMYOF SCIENCES WARSAW 2015 Table of Contents Page LISTINGS ............................................... 5 LISTOF FIGURES ........................................... 6 LISTOF TABLES ........................................... 8 ABSTRACT .............................................. 9 CHAPTER 1. INTRODUCTION ................................... 19 1.1 Motivation . 19 1.2 Considerations, Objectives and the Thesis . 20 1.3 History and Related Work . 22 1.4 Thesis Outline . 23 CHAPTER 2. THE STATE OF THE ART AND THE RELATED WORKS . 25 2.1 Integrity - the Philosophy of Integration . 25 2.2 Integration - Cure for Chaos of Multiplicity, General Considerations . 27 2.2.1 At the beginning there was a relation . 28 2.2.2 Revolution - the Web changes everything ................... 30 2.2.3 Integration - Principia and Taxonomy . 35 2.2.4 Data Integration Practices . 38 2.2.5 Integration Theory . 42 2.2.6 Data Integration Issues . 47 2.3 Data Stores - the Integration Targets . 51 2.3.1 Database modelling - persistence . 51 2.3.2 Relational Model . 51 2.3.3 Object-oriented Database Model . 55 2.3.4 Column-oriented Relational Database Model (CORDB) – Relational Ap- proach . 56 2.3.5 NoSQL – Distributed Storage Services . 57 2.3.6 NewSQL . 63 2.3.7 Big Data - all or nothing . 66 2.3.8 After SQL Era . 68 2.3.9 Database taxonomy .
    [Show full text]
  • Database Repairing and Consistent Query Answering
    BERTOSSI SeriesSeriesSeries ISSN: ISSN:ISSN: 2153-5418 2153-54182153-5418 BERTOSSI BERTOSSI MMM MorganMorganMorgan & & & ClaypoolClaypoolClaypool PublishersPublishersPublishers SSSYNTHESISYNTHESISYNTHESIS L LLECTURESECTURESECTURES ON ONON D DDATAATAATA M MMANAGEMENTANAGEMENTANAGEMENT &&&CCC SeriesSeriesSeries Editor: Editor:Editor: M. M.M. Tamer TamerTamer Özsu, Özsu,Özsu, University UniversityUniversity of ofof Waterloo WaterlooWaterloo DATABASE REPAIRING AND CONSISTENT QUERYDATABASE ANSWERING DATABASE REPAIRING AND CONSISTENT QUERYDATABASE ANSWERING REPAIRING AND CONSISTENT QUERYDATABASE ANSWERING DatabaseDatabaseDatabase Repairing RepairingRepairing and andand Consistent ConsistentConsistent DatabaseDatabaseDatabase RepairingRepairingRepairing QueryQueryQuery Answering AnsweringAnswering LeopoldoLeopoldoLeopoldo Bertossi, Bertossi,Bertossi, Carleton CarletonCarleton University, University,University, Ottowa, Ottowa,Ottowa, Canada CanadaCanada andandand ConsistentConsistentConsistent QueryQueryQuery IntegrityIntegrityIntegrity constraints constraintsconstraints are areare semantic semanticsemantic conditions conditionsconditions that thatthat a a adatabase databasedatabase should shouldshould satisfy satisfysatisfy in inin order orderorder to toto be bebe an anan appropriate appropriateappropriate model modelmodel ofofof external externalexternal reality. reality.reality. In InIn practice, practice,practice, and andand for forfor many manymany reasons, reasons,reasons, a a adatabase databasedatabase may maymay not notnot satisfy satisfysatisfy
    [Show full text]
  • Data Exfiltration a Review of External Attack Vectors And
    Author’s Accepted Manuscript Data Exfiltration: A Review of External Attack Vectors and Countermeasures Faheem Ullah, Matthew Edwards, Rajiv Ramdhany, Ruzanna Chitchyan, M. Ali Babar, Awais Rashid www.elsevier.com/locate/jnca PII: S1084-8045(17)30356-9 DOI: https://doi.org/10.1016/j.jnca.2017.10.016 Reference: YJNCA1996 To appear in: Journal of Network and Computer Applications Received date: 8 August 2017 Revised date: 18 October 2017 Accepted date: 28 October 2017 Cite this article as: Faheem Ullah, Matthew Edwards, Rajiv Ramdhany, Ruzanna Chitchyan, M. Ali Babar and Awais Rashid, Data Exfiltration: A Review of External Attack Vectors and Countermeasures, Journal of Network and Computer Applications, https://doi.org/10.1016/j.jnca.2017.10.016 This is a PDF file of an unedited manuscript that has been accepted for publication. As a service to our customers we are providing this early version of the manuscript. The manuscript will undergo copyediting, typesetting, and review of the resulting galley proof before it is published in its final citable form. Please note that during the production process errors may be discovered which could affect the content, and all legal disclaimers that apply to the journal pertain. Data Exfiltration: A Review of External Attack Vectors and Countermeasures Faheem Ullah1, Matthew Edwards2, Rajiv Ramdhany2, Ruzanna Chitchyan3, M. Ali Babar1, 4, Awais Rashid2 1University of Adelaide, Australia & 4IT University of Copenhagen, Denmark 2Security Lancaster, School of Computing and Communications, Lancaster University, UK, 3Department of Computer Science, University of Leicester, UK ABSTRACT Context: One of the main targets of cyber-attacks is data exfiltration, which is the leakage of sensitive or private data to an unauthorized entity.
    [Show full text]