Journal: International journal of soft computing
A Study of Buffer Overflow Attack Detection Using Artificial Immune System Based Danger Theory


Abstract

Intrusion attacks are causing major security problems in computer networks. Firewalls are useful against certain attacks, but they have their own limitations and can be bypassed. Intrusion detection and prevention is the method of identifying and preventing unauthorized use, misuse and abuse of computer systems by both insiders and external attackers. In this approach, the resistance principle of the human body is applied to computer security. Existing AIS-based IDS systems suffer from many drawbacks due to the inefficient Negative Selection algorithm. These systems have high false positive and false negative errors, as this algorithm mainly detects intrusion based on discrimination of self from non-self. So, Danger theory evolved. According to Danger theory, the immune system does not respond to non-self but to danger. Thus, there is no need to attack everything that is foreign. The foreign entity which causes damage to the cells has to be killed. The proposed system uses this theory to identify attacks. This system runs on a host machine connected to a computer network. Based on this theory, the host machine receives packets from all the nodes connected to the network and analyzes the packets for any dangerous executable components in their payload. If dangerous executable components are present in the payload, the packet is said to be infected by an intrusion attack and is discarded.