Date of Award
Master of Science
Department of Electrical and Computer Engineering
Gregg H. Gunsch, PhD
The Air Force and other Department of Defense (DoD) computer systems typically rely on traditional signature-based network IDSs to detect various types of attempted or successful attacks. Signature-based methods are limited to detecting known attacks or similar variants; anomaly-based systems, by contrast, alert on behaviors previously unseen. The development of an effective anomaly-detecting, application based IDS would increase the Air Force's ability to ward off attacks that are not detected by signature-based network IDSs, thus strengthening the layered defenses necessary to acquire and maintain safe, secure communication capability. This system follows the Artificial Immune System (AIS) framework, which relies on a sense of "self", or normal system states to determine potentially dangerous abnormalities ("non self"). A method for anomaly detection is introduced in which "self' is defined by sequences of events that define an application's execution path. A set of antibodies that act as sequence "detectors" are developed and used to attempt to identify modified data within a synthetic test set.
DTIC Accession Number
O'Brien, Larissa A., "Using Sequence Analysis to Perform Application-Based Anomaly Detection within an Artificial Immune System Framework" (2003). Theses and Dissertations. 4208.