A Real-Time Dynamic Danger Theory Model for Anomaly Detection in File Systems

In the last few years, researchers have shown great interest in studying biologically inspired systems in the domain of computer science, sociology, economics and so on. Among these, computer science has made significant advances with biologically inspired theories fitted in every branch. The typical bio-inspired systems are artificial neural networks, evolutionary computation, DNA computation, and now artificial immune systems. The immune system is a complex of cells, molecules and organs which has the capability of performing pattern recognition, self-learning, immune-memory, generation of diversity, noise tolerance, variation, distributed detection and optimization. Based on physiological immune principles, new computational techniques are being developed, giving us both a better understanding of the biological system, and solving engineering problems. In this thesis, after a brief introduction to the intrusion detection system, viruses, immune systems, danger theory and some background information, we describe a new model for a danger theory based artificial immune system in intrusion detection, specially, in the domain of anomaly detection of the file systems. We then describe an experiment done to test the correctness and efficiency of one of the lower layers of this model, in a simulated file system. We discover that the model can efficiently and rapidly detect many patterns, with low levels of false positives and false negatives, although it has some weaknesses detecting patterns occurring over a long time distance.