SANA - Security Analysis in Internet Traffic

My research work is concerned with computer network/internet security and the design of intelligent components against destructive intrusions, e.g. worms, viruses and spam. Whereas in current research works the protection of network systems is mainly realized through a centralised classification approach consuming lots of computational power, the intended idea of SANA is to use the human immune system as a natural archetype for the design and implementation of an artificial simulation system. The implementation of SANA is characterized through a distributed, efficient and artificial way consisting of autonomous and light-weighted artificial cells with a certain amount of intelligence; artificial Cells flow through the network and check internet packets autonomously. They work independently, they are dynamic and adaptive, and deal with network packages that were identified as to be malicious in order to secure the network. Artificial Cells simulate T- and B-cells of the human immune system.

All components of SANA are motivated by the immune system: there exist e.g. fast and efficient packet-filters in each network-node which check all packets against basic intrusions – modelling the innate immune system – and the artificial Cells which check all packets against complex intrusions – modelling the adaptive immune system. Furthermore, with the environment of SANA, it is possible to model nearly all immunological processes.

First results are auspicious; SANA classifies about 85% of the intrusion test data correctly; and prevents the test system against these attacks. This classification rate will be improved by the adaptive improvement of classification patterns.
The rules how to identify an intrusion are stored in a novel adaptive, efficient system which is easy-to-use. Furthermore, SANA is highly adaptive because it identifies previous known attacks, attacks which are similar to the stored (finding mutations of attacks) as well as complete new attacks using monitoring the network-traffic and finding abnormal behaviour.
Current Research is about the Cooperation of artificial Cells. Therefore, the Communication of Cells in the Human Body is analysed and these Techniques will be reused for the Collaboration of artificial Cells. First Techniques are already implemented, e.g. the idea of local Cooperation (cp. paracrine Cytokines) or the Second Signal (two artificial Cells must identify a Packet as malicious before the artificial immune system will disinfect it).

SANA is a highly interdisciplinary project providing deep cooperation between researchers of different areas like computer science, biology and medicine. SANA is associated with the research project INTRA that is currently performed at the Intelligent and Adaptive Systems Group, University of Luxembourg. The research work is supervised by Prof. Dr. Christoph Schommer; first results are published at international conferences in Slovenia and Australia.

"Summary SANA" is mentioned on: SANA