Title :
An immunological approach to change detection: theoretical results
Author :
D'haeseleer, Patrik
Author_Institution :
Dept. of Comput. Sci., New Mexico Univ., Albuquerque, NM, USA
Abstract :
This paper examines some of the theoretical foundations of the distributable change detection method introduced by S. Forrest et al. (1994), including fundamental bounds on some of its parameters. A short overview is given of the reasoning behind this method, its immunological counterpart and its computer implementation. The amount of information that is lost by splitting a data stream into unordered strings can be estimated, and this estimate can be used to guide the choice of string length. A lower bound on the size of the detector set is derived, based on information-theoretic grounds. The principle of holes (undetectable nonself strings) is illustrated, along with a proof of their existence for a large class of matching rules. The influence of holes on the achievable failure rate is discussed, along with guidelines on how to avoid them.
Keywords :
security of data; change detection; holes; immunological approach; lower bound; string length; Computer science; Computer security; Computer viruses; Detectors; Guidelines; Immune system; Invasive software; Protection; Proteins; Skin;
Conference_Title :
Computer Security Foundations Workshop, 1996. Proceedings., 9th IEEE
Conference_Location :
Kenmare
Print_ISBN :
0-8186-7522-5
DOI :
10.1109/CSFW.1996.503687