Anomaly-based detection techniques have a high number of false positives, which degrades the detection performance. To address this issue, we propose a distributed intrusion detection system, named ISM-AC, based on anomaly detection using artificial immune system and attack graph correlation. To analyze network traffic, we use negative selection, clonal selection, and immune network algorithms to implement an agent-based detection system. ISM-AC leverages the programmability of software-defined networking to reduce the false positive rate. Our findings show that ISM-AC achieves better detection performance for denial of service, user to root, remote to local, and probe attack classes. Alert correlation plays a key role in this achievement.

ISM-AC: an immune security model based on alert correlation and software-defined networking / Melo, R. V.; de Macedo, D. D. J.; Kreutz, D.; De Benedictis, A.; Fiorenza, M. M.. - In: INTERNATIONAL JOURNAL OF INFORMATION SECURITY. - ISSN 1615-5262. - 21:2(2022), pp. 191-205. [10.1007/s10207-021-00550-x]

ISM-AC: an immune security model based on alert correlation and software-defined networking

De Benedictis A.;
2022

Abstract

Anomaly-based detection techniques have a high number of false positives, which degrades the detection performance. To address this issue, we propose a distributed intrusion detection system, named ISM-AC, based on anomaly detection using artificial immune system and attack graph correlation. To analyze network traffic, we use negative selection, clonal selection, and immune network algorithms to implement an agent-based detection system. ISM-AC leverages the programmability of software-defined networking to reduce the false positive rate. Our findings show that ISM-AC achieves better detection performance for denial of service, user to root, remote to local, and probe attack classes. Alert correlation plays a key role in this achievement.
2022
ISM-AC: an immune security model based on alert correlation and software-defined networking / Melo, R. V.; de Macedo, D. D. J.; Kreutz, D.; De Benedictis, A.; Fiorenza, M. M.. - In: INTERNATIONAL JOURNAL OF INFORMATION SECURITY. - ISSN 1615-5262. - 21:2(2022), pp. 191-205. [10.1007/s10207-021-00550-x]
File in questo prodotto:
Non ci sono file associati a questo prodotto.

I documenti in IRIS sono protetti da copyright e tutti i diritti sono riservati, salvo diversa indicazione.

Utilizza questo identificativo per citare o creare un link a questo documento: https://hdl.handle.net/11588/880124
Citazioni
  • ???jsp.display-item.citation.pmc??? ND
  • Scopus 5
  • ???jsp.display-item.citation.isi??? 4
social impact