Implementation and evaluation of an immunity-enhancing module for ISC BIND9

摘要

This study focuses on an immunity-enhancing security module to protect Internet servers against cyberattacks. This security module consists of innate and adaptive immune functions. The innate immune function detects known and unknown cyberattacks, whereas the adaptive immune function learns and detects the cyberattacks detected by the innate immune function. We previously showed that this security module adaptively detected and prevented known and unknown cyberattacks on our original web server application. This paper describes our implementation of this module for ISC BIND9, evaluating its compatibility with a server application commonly used on the Internet. Performance was tested by attacking two known vulnerabilities, CVE-2015-5477 and CVE-2016-2776. Results showed that the detection accuracy of the module was 96.87% (true negative rate: 99.25%, true positive rate: 94.49%), whereas the overhead of the module was 10.81%.