This paper presents design, implementation, and testing of NAIS, an artificial immune system for the protection of computer networks. Inspired by the biological innate immune system, NAIS consists of a collection of digital macrophages that scan the network for dangerous non-self processes, and kill them. NAIS is based on the observation that all significant network attacks are preceded by preparatory small-scale intrusions meant to gather the necessary information --- information on servers and operating systems, logins, weak passwords, ill-installed or poorly maintained services, etc. This information is used to bypass the network's defense barriers --- access controls, firewalls --- and to gain access to the machine before it is attacked. Such preparatory intrusions do not generate new processes, however the subsequent, actual intrusion will. Such processes will be recognized as non-self by the digital macrophages run by NAIS, and killed right away, thus defusing the attack. Telling illegal new processes from legal ones is a difficult matter, and amounts to providing a strong definition of non-self process. Our testing of NAIS proved our definition to be quite effective in protecting networks of one-service computers.
展开▼
