This work investigates immunological principles in designing a multi-agent system for network intrusion detection. In this approach, immunity-based agents roam among the machines (nodes or routers) and monitor the state of the network, looking for changes such as malfunctions, faults, abnormalities, misuse, deviations, and intrusions. These agents can mutually recognize each other's activities and can take appropriate actions according to the security policies. Such an agent can learn and adapt to its environment dynamically and can detect both known and unknown intrusions. This research is part of an effort to develop a multi-agent detection system that can simultaneously monitor the activities of networked computers at different levels, such as the packet level, user level, system level, and process level. The proposed intrusion detection system is designed to be flexible, extendible, and adaptable in order to meet the needs and preferences of network administrators. A paper describing the basic concepts, a general framework, and an early prototype of such a system will appear in the proceedings of the 22nd National Information Systems Security Conference (NISSC), October 18-21, 1999.
A summary report on the 17th National Computer Security Conference, October 11-14, 1994, Baltimore, is also available.