• DocumentCode
    1842433
  • Title

    An immunological approach to change detection: theoretical results

  • Author

    D'haeseleer, Patrik

  • Author_Institution
    Dept. of Comput. Sci., New Mexico Univ., Albuquerque, NM, USA
  • fYear
    1996
  • fDate
    10-12 Jun 1996
  • Firstpage
    18
  • Lastpage
    26
  • Abstract
    This paper examines some of the theoretical foundations of the distributable change detection method introduced by S. Forrest et al. (1994), including fundamental bounds on some of its parameters. A short overview is given of the reasoning behind this method, its immunological counterpart and its computer implementation. The amount of information that is lost by splitting a data stream into unordered strings can be estimated, and this estimate can be used to guide the choice of string length. A lower bound on the size of the detector set is derived, based on information-theoretic grounds. The principle of holes (undetectable nonself strings) is illustrated, along with a proof of their existence for a large class of matching rules. The influence of holes on the achievable failure rate is discussed, along with guidelines on how to avoid them.
  • Keywords
    security of data; change detection; holes; immunological approach; lower bound; string length; Computer science; Computer security; Computer viruses; Detectors; Guidelines; Immune system; Invasive software; Protection; Proteins; Skin;
  • fLanguage
    English
  • Publisher
    ieee
  • Conference_Titel
    Computer Security Foundations Workshop, 1996. Proceedings., 9th IEEE
  • Conference_Location
    Kenmare
  • ISSN
    1063-6900
  • Print_ISBN
    0-8186-7522-5
  • Type

    conf

  • DOI
    10.1109/CSFW.1996.503687
  • Filename
    503687