Date of Award


Document Type


Degree Name

Master of Science


Department of Electrical and Computer Engineering

First Advisor

Gregg H. Gunsch, PhD


The Air Force and other Department of Defense (DoD) computer systems typically rely on traditional signature-based network intrusion detection systems (IDSs) to detect various types of attempted or successful attacks. Signature-based methods are limited to detecting known attacks or similar variants; anomaly-based systems, by contrast, alert on behaviors previously unseen. The development of an effective anomaly-detecting, application-based IDS would increase the Air Force's ability to ward off attacks that are not detected by signature-based network IDSs, thus strengthening the layered defenses necessary to acquire and maintain safe, secure communication capability. This system follows the Artificial Immune System (AIS) framework, which relies on a sense of "self", or normal system states, to determine potentially dangerous abnormalities ("non-self"). A method for anomaly detection is introduced in which "self" is defined by sequences of events that define an application's execution path. A set of antibodies that act as sequence "detectors" is developed and used to attempt to identify modified data within a synthetic test set.

AFIT Designator


DTIC Accession Number