Learn More
A method for anomaly detection is introduced in which ``normal'' is defined by short-range correlations in a process' system calls. Initial experiments suggest that the definition is stable during normal behavior for standard UNIX programs. Further, it is able to detect several common intrusions involving sendmail and lpr. This work is part of a research(More)
An artificial immune system (ARTIS) is described which incorporates many properties of natural immune systems, including diversity, distributed computation, error tolerance, dynamic learning and adaptation, and self-monitoring. ARTIS is a general framework for a distributed adaptive system and could, in principle, be applied to many domains. In this paper,(More)
A method is introduced for detecting intrusions at the level of privileged processes. Evidence is given that short sequences of system calls executed by running programs are a good discriminator between normal and abnormal operating characteristics of several common UNIX programs. Normal behavior is collected in two ways: Synthetically, by exercising as(More)
This review describes a body of work on computational immune systems that behave analogously to the natural immune system. These artificial immune systems (AIS) simulate the behavior of the natural immune system and in some cases have been used to solve practical engineering problems such as computer security. AIS have several strengths that can complement(More)
Dedication To the Babs for having such patience when I was so far away, and to my dearest Folks for getting me this far. Abstract This dissertation explores an immunological model of distributed detection, called negative detection , and studies its performance in the domain of intrusion detection on computer networks. The goal of the detection system is to(More)
Natural immune systems provide a rich source of inspiration for computer security in the age of the Internet. Immune systems have many features that are desirable for the imperfect , uncontrolled, and open environments in which most computers currently exist. These include distributability, diversity , disposability, adaptability, autonomy, dynamic coverage(More)
We argue for space-time partitioning (STP) in many-core operating systems. STP divides resources such as cores, cache, and network bandwidth amongst interacting software components. Components are given unrestricted access to their resources and may schedule them in an application-specific fashion, which is critical for good parallel application(More)