New Approaches to Computer Security: Immunology and Intrusion Detection

Monday, October 19, 1998 - 2:30pm - 3:40pm
Keller 3-180
Stephanie Forrest (University of New Mexico)
Natural immune systems are sophisticated information processors. They learn to recognize relevant patterns, they remember patterns that have been seen previously, and they use combinatorics to construct pattern detectors efficiently. Further, the individual cells and molecules that comprise the immune system are distributed throughout our bodies, encoding and controlling the system in parallel with no central control mechanism.

The talk will describe a project that is incorporating principles and mechanisms from immunology into computer security. It will emphasize recent work on a lightweight intrusion-detection system for networked computers. In this system, normal behavior is defined by short-range correlations in a process's system calls---a much simpler approach than that used previously. Initial experiments suggest that the definition is stable during normal behavior and that it is sensitive to several common intrusions.