Date of Award
3-2003
Document Type
Thesis
Degree Name
Master of Science
Department
Department of Electrical and Computer Engineering
First Advisor
Gregg H. Gunsch, PhD
Abstract
The Air Force and other Department of Defense (DoD) computer systems typically rely on traditional signature-based network IDSs to detect various types of attempted or successful attacks. Signature-based methods are limited to detecting known attacks or similar variants; anomaly-based systems, by contrast, alert on behaviors previously unseen. The development of an effective anomaly-detecting, application-based IDS would increase the Air Force's ability to ward off attacks that are not detected by signature-based network IDSs, thus strengthening the layered defenses necessary to acquire and maintain safe, secure communication capability. This system follows the Artificial Immune System (AIS) framework, which relies on a sense of "self", or normal system states, to determine potentially dangerous abnormalities ("non-self"). A method for anomaly detection is introduced in which "self" is defined by sequences of events that define an application's execution path. A set of antibodies that act as sequence "detectors" is developed and used to attempt to identify modified data within a synthetic test set.
AFIT Designator
AFIT-GCS-ENG-03-15
DTIC Accession Number
ADA415494
Recommended Citation
O'Brien, Larissa A., "Using Sequence Analysis to Perform Application-Based Anomaly Detection within an Artificial Immune System Framework" (2003). Theses and Dissertations. 4208.
https://scholar.afit.edu/etd/4208