Human Immune System as Model for Intrusion Detection

SearchSecurity.com is reporting on a novel method of fighting attacks on computer systems that borrows a page from the human body's own immune system.

The research into cutting-edge Intrusion Detection Systems (IDS) is being led by Uwe Aickelin, a professor at the University of Nottingham in the United Kingdom.

According to the article, Dr. Aickelin's research focuses on what is known as "danger theory", an immunology theory which argues that the immune system does not rely on the simple self/non-self distinction that immunologists have traditionally believed controlled immune cells' reaction to foreign bodies. Instead, the immune system reacts to a "complex system of signals and weighs the danger depending on their origin, seriousness and frequency." Applying this to computer security, Dr. Aickelin's team, including lead research associate Jamie Twycross, is developing software that

controls an input/output device akin to an artificial dendritic cell and a system call serving as an antigen. Then the I/O device can be programmed to treat system calls more seriously than other types of traffic. "The challenge is to figure out the receptors and how to weigh potential threats," [Twycross] says.


By taking the data generated by a mixture of DCs with cells in varying states of decay, such as cells that are stressed or inflamed, Twycross and Aickelin were able to map these conditions to data points such as CPU load, disk usage and signals from standard off-the-shelf IDS software packages.
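A minimal sketch of the idea quoted above, added here as an illustration and not taken from the Nottingham team's software: artificial dendritic cells sample system calls (antigens) while accumulating weighted signals, and each system call is scored by how often it was presented in a dangerous context. The weights, thresholds, the "safe" signal and the sample events are constructed assumptions.

```python
from collections import defaultdict

# Assumed weights: positive pushes a cell toward "danger", negative toward "safe".
WEIGHTS = {"ids_alert": 2.0, "cpu_load": 1.0, "disk_usage": 1.0, "safe": -2.0}

class DendriticCell:
    def __init__(self, threshold):
        self.threshold = threshold  # signal exposure needed before the cell reports
        self.exposure = 0.0         # total signal seen, regardless of sign
        self.context = 0.0          # signed sum; > 0 means a dangerous context
        self.antigens = []          # system calls sampled during this lifetime

    def sample(self, antigen, signals):
        """Collect one antigen plus the signals seen with it; True when ready to report."""
        self.antigens.append(antigen)
        for name, level in signals.items():
            self.exposure += abs(WEIGHTS[name]) * level
            self.context += WEIGHTS[name] * level
        return self.exposure >= self.threshold

def score_antigens(events, thresholds=(3.0, 5.0, 8.0)):
    """Return antigen -> fraction of presentations made in a dangerous context."""
    cells = [DendriticCell(t) for t in thresholds]
    presented = defaultdict(lambda: [0, 0])  # antigen -> [danger count, total count]
    for antigen, signals in events:
        for i, cell in enumerate(cells):
            if cell.sample(antigen, signals):
                danger = cell.context > 0
                for seen in cell.antigens:
                    presented[seen][0] += danger
                    presented[seen][1] += 1
                cells[i] = DendriticCell(cell.threshold)  # replace the reporting cell
    return {a: d / t for a, (d, t) in presented.items()}

# Constructed sample: four quiet editor writes, then four execve calls that
# coincide with high CPU load, heavy disk usage and an off-the-shelf IDS alert.
EVENTS = (
    [("editor:write", {"cpu_load": 0.2, "safe": 1.0})] * 4
    + [("unknown:execve", {"cpu_load": 0.9, "disk_usage": 0.8, "ids_alert": 1.0})] * 4
)

if __name__ == "__main__":
    for antigen, score in sorted(score_antigens(EVENTS).items()):
        print(f"{antigen:16s} danger score {score:.2f}")
```

The benign editor call ends up with a small non-zero score because one cell sampled it just before the alert fired, which is the false-positive trade-off raised in the quote further down.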

We at the Privacy & Security Law Blog found this concept fascinating, and we followed up with Dr. Aickelin as to the reasons his research may prove especially important at this moment in time. He noted that

classic IDS are failing more and more due to their inability to recognise day zero threats. So I think there is an urgent need for a new angle on this, which perhaps immune systems can provide due to their inherent ability to recognise never before seen threats. Whether they can do this without increasing false positives is at the heart of our research and the answer is still outstanding.

Posted by Lance Koonce
