ISM-AC: an immune security model based on alert correlation and software-defined networking
- Source :
- International Journal of Information Security. 21:191-205
- Publication Year :
- 2021
- Publisher :
- Springer Science and Business Media LLC, 2021.
Abstract
- Anomaly-based detection techniques have a high number of false positives, which degrades the detection performance. To address this issue, we propose a distributed intrusion detection system, named ISM-AC, based on anomaly detection using an artificial immune system and attack graph correlation. To analyze network traffic, we use negative selection, clonal selection, and immune network algorithms to implement an agent-based detection system. ISM-AC leverages the programmability of software-defined networking to reduce the false positive rate. Our findings show that ISM-AC achieves better detection performance for denial of service, user to root, remote to local, and probe attack classes. Alert correlation plays a key role in this achievement.
- Subjects :
- 021110 strategic, defence & security studies
Artificial immune system
Computer Networks and Communications
Computer science
business.industry
ComputerSystemsOrganization_COMPUTER-COMMUNICATIONNETWORKS
0211 other engineering and technologies
Denial-of-service attack
Network security
02 engineering and technology
Computer security model
Correlation
Anomaly
Key (cryptography)
False positive paradox
Intrusion detection
Anomaly detection
False positive rate
Safety, Risk, Reliability and Quality
Software-defined networking
business
Software
Information Systems
Computer network
Details
- ISSN :
- 16155270 and 16155262
- Volume :
- 21
- Database :
- OpenAIRE
- Journal :
- International Journal of Information Security
- Accession number :
- edsair.doi.dedup.....bd24263f10e316c194eb00081bf93190