An Approach for Adaptive Intrusion Prevention Based on The Danger

Abstract

Current approaches to intrusion detection are generally based on the observation of only one source of information such as network traffic, system calls, resource usage etc. However, we would get a more precise conclusion about the incident of intrusion if we used the entire available information. We are going to present an approach to an intrusion prevention system (IPS) which is inspired by the danger theory of immunology and tries to solve this problem by analyzing more sources of information. In this paper we will show how to link the entities which participate in the interactions described by this theory with components of the operating system for synthesizing of IPS. Well also introduce a technique inspired by the clonal selection mechanism of the human immune system which links the anomaly behavior of system processes with received network traffic and can generate new signatures of network intrusions on the fly