
Goethe AG
SANA-Project in Detail

This page provides an overview of the research that has been and is being done in the SANA project. The research is divided into several sub-projects.

Description: Artificial Immune System

This is a short introduction and overview about artificial immune systems.

Description: Artificial Cell

Description of the artificial cell, with its allowed tasks and security.

Description: Network Intrusion Detection Systems

This is a brief description of Network Intrusion Detection Systems.

Example: Worm-Attack

This is an example in which a worm infects a part of the network and SANA disinfects the network.

Sub-Project: SANA - An artificial immune System for Network Intrusion Detection

In this project, I introduce a new framework in order to model an artificial immune system. The novel approach is to design a framework in which nearly all immunological processes can be modeled. The global aim of the artificial immune system is to secure the network using lightweight, autonomous and adaptive artificial cells. These artificial cells flow through the network and perform different tasks, e.g. packet checking, identification of infections, etc. The advantages are that every node will be secured against attacks and the computational power is shared over the whole network. For more information, please visit the Description of the SANA-AIS.

Sub-Project: ANIMA-ID - ANIMA for Network Intrusion Detection

Christoph Schommer introduced and Ben Schroeder enhanced ANIMA in order to find association rules in data streams with an online approach. I now use this idea to store bad signatures of computer network intrusions and to check whether a packet is bad or not. Consequently, I design an online system which is easy to administer, adaptive and efficient. I call this ANIMA system ANIMA-ID below. ANIMA-ID will be used in the artificial immune system as one type of artificial cell which evaluates whether a packet contains an attack or not. More information on this Page.

Sub-Project: ANIMA-AD - ANIMA for Anomaly Detection

In this project, I try to use ANIMA for anomaly detection. Anomaly detection stores normal network traffic (traffic that does not contain any attacks) and thereafter checks whether all network traffic is normal (similar to the stored traffic) or abnormal (different from the stored traffic). With this approach, I have to train my system with training data containing no attacks; thereafter I can check a set of packets in order to evaluate whether the traffic contains attacks or not. The abbreviation for this approach is ANIMA-AD. More information on this Page.


Sub-Project: AGNOSCO - AGents for the ideNtification of infected cOmputers uSing ant COlonies

A major problem in network security is to identify infected network nodes. There exist some techniques using statistical analysis of the internet traffic as well as techniques that check the whole network node (e.g. a virus scanner). Unfortunately, the former needs a lot of computational power and reacts slowly to a new infection of a node. The latter needs plenty of computational power in the node, and the infection must be known by the scanner.
AGNOSCO is an approach to identify infected nodes using artificial ant colonies. The system needs neither plenty of computational power nor plenty of communication. More information on this Page.


Sub-Project: Cell Communication for Computer Science

The artificial cells in SANA work autonomously and use little local communication. For several basic attacks this is sufficient. In order to secure the network against complex attacks, which e.g. assault several nodes using an attack consisting of lots of packets, cooperation and collaboration between agents is needed. Unfortunately, if a message system is used, a lot of communication and infrastructure is needed only to guarantee that the messages reach the right agent. Thus, new approaches are needed, which can be biologically inspired (e.g. modelling the cytokines or hormones) or inspired by the cooperation of humans (e.g. agent families or societies). The goal of this project is to define a communication and collaboration structure for SANA without losing the autonomy of the agents and without the need for plenty of additional communication. More information on this Page.

Sub-Project: Self-Management of an artificial Immune System

Artificial immune systems belong either to the class of Multi-Agent Systems or to the class of Complex Adaptive Systems (CAS). With its large number of artificial cells and their high specialisation, SANA belongs to the class of Complex Adaptive Systems. Systems in this class reach their goals while each component performs basic tasks. Unfortunately, a CAS does not provide any guarantee that the goal is reached. Thus, we want to introduce a self-management of the CAS in order to provide guarantees; however, this self-management must be distributed and must not have any centralised system. More information on this Page.

Sub-Project: Theoretical Comparison of centralised and distributed Network Intrusion Detection Systems

In this project, I compare the two different approaches of NIDS:
  • Centralised NIDS secure one node in the network and check each packet which is routed over this node.
  • Distributed NIDS secure each node in the network, where each node provides some (e.g. 10%) of the computational power for the checking of packets.
The goal of this project is to show or even to prove when a distributed NIDS performs better than a centralised one.

Modified: 2006-10-07 10:54:37