The analysis of system calls is one method employed by anomaly detection systems to recognise malicious code execution. Similarities can be drawn between this process and the behaviour of certain cells belonging to the human immune system, and can be applied to construct an artificial immune system. A recently developed hypothesis in immunology, the Danger Theory, states that our immune system responds to the presence of intruders through sensing molecules belonging to those invaders, plus signals generated by the host indicating danger and damage. We propose the incorporation of this concept into a responsive intrusion detection system, where behavioural information of the system and running processes is combined with information regarding individual system calls.