Employing Artificial Immunology and Approximate Reasoning Models for Enhanced Network Intrusion Detection

With the massive connectivity provided by modern computer networks, more and more systems are subject to attack by intruders. The creativity of attackers, the complexities of host computers, along with the increasing prevalence of distributed systems and insecure networks such as the Internet have contributed to the difficulty in effectively identifying and counteracting security breaches. As such, while it is critical to have the mechanisms that are capable of preventing security violations, complete prevention of security breaches does not appear to be practical. Intrusion detection can be regarded as an alternative, or as a compromise to this situation. Several techniques for detecting intrusions are already well developed. But given their shortcomings, other approaches are being proposed and studied by many researchers. This paper discusses the shortcomings of some of the more traditional approaches used in intrusion detection systems. It argues that some of the techniques that are based on the traditional views of computer security are not likely to fully succeed. An alternative view that may provide better security systems is based on adopting the design principles from the natural immune systems, which in essence solve similar types of problems in living organisms. Furthermore, in any of these methodologies, the need for exploiting the tolerance for imprecision and uncertainty to achieve robustness and low solution costs is evident. This work reports on the study of the implications and advantages of using artificial immunology concepts for handling intrusion detection through approximate reasoning and approximate matching. Key-Words: Intrusion detection, Natural immune system, Soft computing, Approximate reasoning.