ISM-AC: an immune security model based on alert correlation and software-defined networking

International Journal of Information Security (IF 2.4). Pub Date: 2021-05-03, DOI: 10.1007/s10207-021-00550-x. Roberto Vasconcelos Melo, Douglas D. J. de Macedo, Diego Kreutz, Alessandra De Benedictis, Mauricio Martinuzzi Fiorenza

Anomaly-based detection techniques produce a high number of false positives, which degrades detection performance. To address this issue, we propose a distributed intrusion detection system, named ISM-AC, based on anomaly detection with an artificial immune system and attack-graph correlation. To analyze network traffic, we use negative selection, clonal selection, and immune network algorithms to implement an agent-based detection system. ISM-AC leverages the programmability of software-defined networking to reduce the false positive rate. Our findings show that ISM-AC achieves better detection performance for the denial of service, user to root, remote to local, and probe attack classes. Alert correlation plays a key role in this achievement.
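The abstract names two mechanisms without showing them: a negative-selection anomaly detector (detectors are generated, every candidate that matches "self", i.e. benign traffic, is discarded, and the survivors flag anything they match) and attack-graph correlation, which keeps only alerts that fit a plausible attack progression and thereby suppresses detector false positives. The following is an added illustration of that pipeline, not the ISM-AC authors' code: the feature vectors, the self radius and detector radius, the grid of candidate detectors (classical negative selection draws candidates at random; a grid is used here so the run is reproducible), the stage labels carried by each event, the attack graph and the 300-second window are all constructed assumptions, and the paper's clonal-selection and immune-network components are not modelled.

```python
"""Added illustration (not the ISM-AC authors' code): a real-valued negative-selection
detector followed by attack-graph alert correlation, run over constructed traffic features."""
import math
from itertools import product

# Constructed benign ("self") feature vectors, scaled to [0, 1]:
# (packet rate, SYN ratio, distinct destination ports).
SELF_SAMPLES = [
    (0.10, 0.05, 0.02), (0.12, 0.06, 0.03), (0.08, 0.04, 0.02), (0.15, 0.07, 0.04),
    (0.11, 0.05, 0.03), (0.09, 0.06, 0.02), (0.13, 0.05, 0.03), (0.10, 0.04, 0.04),
]
SELF_RADIUS = 0.10      # assumed neighbourhood around each self sample that still counts as self
DETECTOR_RADIUS = 0.20  # assumed matching radius of each detector

# Hypothetical attack graph: stage -> stages that may follow it against the same target.
ATTACK_GRAPH = {"probe": {"r2l", "dos"}, "r2l": {"u2r"}, "u2r": set(), "dos": set()}


def _dist(a, b):
    return math.sqrt(sum((x - y) ** 2 for x, y in zip(a, b)))


def generate_detectors(self_samples=SELF_SAMPLES, radius=DETECTOR_RADIUS, step=0.2):
    """Negative selection: propose candidate detectors, discard every candidate whose
    matching sphere would overlap the self neighbourhood of some self sample, keep the rest.
    Candidates come from a grid over [0, 1]^3 (not random draws) so the run is reproducible."""
    axis = [step / 2 + i * step for i in range(int(round(1 / step)))]
    return [cand for cand in product(axis, repeat=3)
            if all(_dist(cand, s) > SELF_RADIUS + radius for s in self_samples)]


def is_anomalous(sample, detectors, radius=DETECTOR_RADIUS):
    """A sample is non-self when at least one detector matches it (lies within its radius)."""
    return any(_dist(sample, d) <= radius for d in detectors)


def correlate(alerts, graph=ATTACK_GRAPH, window=300):
    """Split alerts into (confirmed, isolated). An alert is confirmed when another alert on the
    same target, within `window` seconds, is its predecessor or successor in the attack graph.
    Isolated alerts are the ones most likely to be anomaly-detector false positives."""
    confirmed, isolated = [], []
    for a in alerts:
        linked = any(
            b is not a and b["target"] == a["target"] and abs(b["t"] - a["t"]) <= window
            and ((b["t"] <= a["t"] and a["stage"] in graph.get(b["stage"], set()))
                 or (a["t"] <= b["t"] and b["stage"] in graph.get(a["stage"], set())))
            for b in alerts)
        (confirmed if linked else isolated).append(a)
    return confirmed, isolated


def run_pipeline(events, detectors=None):
    """events: dicts with t (seconds), target, features and stage (the coarse attack class a
    detection agent would assign; hard-coded in this illustration). Returns (confirmed, isolated)."""
    detectors = detectors if detectors is not None else generate_detectors()
    alerts = [e for e in events if is_anomalous(e["features"], detectors)]
    return correlate(alerts)


# Constructed event stream: a probe -> r2l -> u2r chain against 10.0.0.5, one benign flow,
# and a lone traffic burst from 10.0.0.9 that looks like DoS but has no supporting alert.
EVENTS = [
    {"t": 10, "target": "10.0.0.5", "features": (0.40, 0.20, 0.90), "stage": "probe"},
    {"t": 60, "target": "10.0.0.5", "features": (0.30, 0.60, 0.10), "stage": "r2l"},
    {"t": 200, "target": "10.0.0.5", "features": (0.35, 0.50, 0.15), "stage": "u2r"},
    {"t": 300, "target": "10.0.0.7", "features": (0.12, 0.05, 0.03), "stage": None},
    {"t": 500, "target": "10.0.0.9", "features": (0.60, 0.10, 0.05), "stage": "dos"},
]

if __name__ == "__main__":
    confirmed, isolated = run_pipeline(EVENTS)
    print("confirmed:", [(a["t"], a["target"], a["stage"]) for a in confirmed])
    print("isolated :", [(a["t"], a["target"], a["stage"]) for a in isolated])
```

Two properties of the construction are worth noting. Because every surviving detector lies more than `SELF_RADIUS + DETECTOR_RADIUS` from every self sample, no self sample (and no benign flow within `SELF_RADIUS` of one) can ever be matched; detector generation alone does not, however, prevent unusual-but-benign traffic such as the lone burst from being flagged. That is the case the correlation step handles: the burst becomes an isolated alert held for review rather than a confirmed incident, while the three alerts that form a path in the attack graph are confirmed.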