Artificial Cells are a component of the
Artificial Immune System and are comparable with mobile Agents. The cells perform the security-tasks like Packet-Checking, identification of infected nodes, and data collection. Therefore, the cells move through the network and it performs that task autonomously. Thus, the cell decides which task has to be done at which time. In addition, the artificial cell is not dependent on other components and especially not on centralised systems. This is important because otherwise could the adversarial break down the centralised system and the artificial cells stop doing their tasks. Furthermore, the artificial cells are lightweighted and highly-specialised so that they can easily move to another node and do not require many bandwidth.
Features of artifical Cells
-
Autonomous Workflow
-
Mobile
-
Highly-Specialised/Lightweighted
Allowed Tasks of an artificial Cell
-
Movement: the cell can move to other nodes.
-
Packet-Checking: the cell receives each packet and evaluates whether it is malicious or not.
-
Packet-Changing: the cell can change and remove packets in order to eliminate intrusions. However, the cell must not prove that the packet contains an intrusion.
-
Access of Files: the cell has read-only and sometimes read/write access to the files on the node.
-
Self-Propagation: the cell can self-propagate itself. In this process, the new cell can be mutated or changed compared to the original cell.
-
Shutdown of the artificial cell: after some time, the cell shuts down. With this, the cell-population is kept up-to-date due to the release of novel cells.
-
Communication with other Components: using the artificial Cell Communication, the cells and other components communicate and cooperate. Therefore, the artificial receptors describe the type and status of the cell and the cells communicate using substances. Using the communication, the cells can inform other cells about events, e.g. the first cell identifies an infected node and the second cell starts the disinfection process.
For the description of the artificial Cells in the
artificial Cell Communication please see
here
Example of an artificial Cell for Intrusion Detection
In Intrusion Detection, a dataset describes how intrusions can be detected and how to proceed if an intrusion is identified. In the signature-based approach, the description is a string/pattern for each intrusion. In the behaviour-based approach, the behaviour of an intrusion describes how to identify it. Furthermore, the security component (here: artificial cell) can e.g. disinfect the packet from the intrusion or remove the whole packet.
The artificial cell consists of three parts:
-
Behaviour: this describes the behaviour of the cell. The movement, shutdown, and propagation behaviour consists to the behaviour. In addition, some communication definition can be done in the behaviour.
-
Knowledge: this is the knowledge of the artificial cell, e.g. about the network topology or information about other artificial cells and their tasks.
-
Dataset of known Intrusions: how to identify and how to remove an intrusion is identified in this dataset. The responses to an intrusions are e.g. removing the packet, disinfection of a packet, or information of other components (e.g. also Administrator) about the identified intrusion.
The Workflow:
-
The cell checks each packet and if it identifies an intrusion, the response saved in the dataset is done.
-
After some time or after an event moves the cell to another node as defined in the Behaviour.
-
After some time or after an event shuts the cell down.
-
If defined in the Behaviour or in the Dataset of known Intrusions, the cell uses the artificial cell communication in order to communicate with other security components.
"Description Artificial Cell" is mentioned on: SANA-Project in Detail
