Distributed Network Intrusion Detection An Immunological Approach Steven Hofmeyr Stephanie Forrest Patrik Díhaeseleer Dept. of Computer Science University of New Mexico Albuquerque, NM {steveah, forrest, patrik}@cs.unm.edu http://cs.unm.edu/~steveah/research.html


Background: Defining Self

The Biological Viewpoint

How the Immune System Distributes Detection

The Negative Selection Algorithm

Applying Negative Detection to Network Traffic

PPT Slide

Experimental Setup

Experimental Results

The Problem of Incomplete Self Sets (Suppose the training set is incomplete)

Experimental Results Intrusions with and without permutation masks

Experimental and Theoretical Results: Permutation Masks Overcome the Hole Limit

Pushing the Immune Metaphor