Solving inherent problems of Anomaly Detection by Cooperation

Abstract

Anomaly detection compensates for shortcomings of signature-based detection, such as the inability to protect against zero-day exploits. However, anomaly detection can be resource-intensive and is plagued by a high false-positive rate. In this work, we address these problems by presenting a cooperative intrusion detection approach for the Artificial Immune System (AIS), taken as an example of an anomaly detection approach. In particular, we show how the cooperative approach reduces the false-positive rate of the detection and how the overall detection process can be organized to account for the resource constraints of the participating devices. Evaluations are carried out with the novel network simulation environment NeSSi as well as formally with an extension to the epidemic spread model SIR.

@TECHREPORT{bye:2009:tr_09_02_01,
author = {Rainer Bye and Katja Luther and Ahmet Camtepe and Sahin Albayrak},
title = {{S}olving {I}nherent {P}roblems of {A}nomaly {D}etection by {C}ooperation},
institution = {Technische Universit{\"a}t Berlin - DAI-Labor},
year = {2009},
number = {TUB-DAI 02/09-01},
month = jan,
note = {http://www.dai-labor.de/fileadmin/files/publications/TRCoop0209-01.pdf}
}
Authors: Rainer Bye, Katja Luther, Seyit Ahmet Camtepe, Sahin Albayrak
Category: Technical Report
Year: 2009