An Immunological Approach to Change Detection: Theoretical Results

Patrik D'haeseleer

doi:10.1109/CSFW.1996.503687

C
CSFW
1996
Ninth IEEE Computer Security Foundations Workshop
Abstract - An Immunological Approach to Change Detection: Theoretical Results

	This Article
	Subscribers, please Login Purchase article: $19 PDF IEEE Xplore Subscribers RSS feed
	Share
	Email this Article to a friend
	Bibliographic References
	ASCII Text BibTex RefWorks Procite/RefMan/EndNote
	Add to:
	Digg Furl Spurl Blink Simpy Google Del.icio.us Y!MyWeb
	Search
	Similar Articles Articles by Patrik D'haeseleer

Ninth IEEE Computer Security Foundations Workshop

An Immunological Approach to Change Detection: Theoretical Results

Dromquinna Manor, Kenmare, County Kerry, Ireland

March 10-March 12

ISBN: 0-8186-7522-5

	ASCII Text	x
	Patrik D'haeseleer, "An Immunological Approach to Change Detection: Theoretical Results," Computer Security Foundations Workshop, IEEE, pp. 18, Ninth IEEE Computer Security Foundations Workshop, 1996.

	BibTex	x
	@article{ 10.1109/CSFW.1996.503687, author = {Patrik D'haeseleer}, title = {An Immunological Approach to Change Detection: Theoretical Results}, journal ={Computer Security Foundations Workshop, IEEE}, volume = {0}, year = {1996}, issn = {1063-6900}, pages = {18}, doi = {http://doi.ieeecomputersociety.org/10.1109/CSFW.1996.503687}, publisher = {IEEE Computer Society}, address = {Los Alamitos, CA, USA}, }

	RefWorks Procite/RefMan/Endnote	x
	TY - CONF JO - Computer Security Foundations Workshop, IEEE TI - An Immunological Approach to Change Detection: Theoretical Results SN - 1063-6900 SP EP A1 - Patrik D'haeseleer, PY - 1996 KW - Immunology KW - change detection KW - distributed KW - negative selection KW - entropy KW - information loss KW - holes VL - 0 JA - Computer Security Foundations Workshop, IEEE ER -

Patrik D'haeseleer, University of New Mexico patrik@cs.unm.edu

DOI Bookmark: http://doi.ieeecomputersociety.org/10.1109/CSFW.1996.503687

This paper examines some of the theoretical foundations of the distributable change detection method introduced by Forrest et al., including fundamental bounds on some of its parameters. A short overview is given of the reasoning behind this method, its immunological counterpart and its computer implementation. The amount of information that is lost by splitting a data stream into unordered strings can be estimated, and this estimate can be used to guide the choice of string length. A lower bound on the size of the detector set is derived, based on information-theoretic grounds. The principle of holes (undetectable nonself strings) is illustrated, along with a proof of their existence for a large class of matching rules. The influence of holes on the achievable failure rate is discussed, along with guidelines on how to avoid them.

Index Terms:

Immunology, change detection, distributed, negative selection, entropy, information loss, holes

Citation:

Patrik D'haeseleer, "An Immunological Approach to Change Detection: Theoretical Results," csfw, pp.18, Ninth IEEE Computer Security Foundations Workshop, 1996

Peer Review Notice | Give Us Feedback

Usage of this product signifies your acceptance of the Terms of Use.