ACIDS: automated co-stimulation based intrusion detection system with a sense of dynamic self

Abstract

Automated Co-stimulation based Intrusion detection system with a sense of Dynamic Self, or ACIDS, is a distributed architecture for intrusion detection systems. Other than the already used aspects of human immune systems like negative selection, clonal selection, gene expression etc., the novelty of ACIDS is that it incorporates two features of the human system not used previously, namely thymus and vaccination. <p/> <p/>Self is defined as the set of normal connections observed on the network. All the existing systems are modeling the self as a static entity, when it should have been otherwise. Also, human immune system needs two disparate signals before taking some action against the antigen. The first signal is generated at the point of attack and stimulates the immune system for rigorous detection. The second signal is known as co-stimulation, and it stimulates the immune system for taking the action against an antigen. All the existing artificial immune models are also seeking co-stimulation, but it is generated through human intervention. This makes them unusable in real time. Another drawback in the existing systems is that they start from the scratch, i.e. they do not derive knowledge from the existing data of the intrusions. <p/> <p/>ACIDS aims to overcome the above drawbacks of existing models. It includes a module called thymus that dynamically updates the self’s definition of the system. To best of our knowledge, this concept is being used for the first time in intrusion detection systems. In CIDS, hosts are monitored at two levels, network level and operating system level. Whenever an anomaly is detected at the network level, ACIDS monitors the activity of the processes in the host. If anomaly is detected there, system automatically generates the co-stimulation.