In this architecture the immunity-based agents roam around the machines (nodes or routers) and monitor the situation in the network (i.e., look for changes such as malfunctions, faults, abnormalities, misuse, deviations, intrusions, etc.). These agents can mutually recognize each other's activities and can take appropriate actions according to the underlying security policies. Such an agent can learn and adapt to its environment dynamically and can detect both known and unknown intrusions.
The purpose of this project is to apply artificial immune system techniques to generate a fuzzy classifier that can distinguish between normal behavior and abnormal behavior in a computer system and classify known intrusions. Here, a fuzzy classifier is a set of m+1 fuzzy rules, where m is the number of different attacks and the extra fuzzy rule classifies the normal system behavior. Because the difference between normal and abnormal activities is not distinct, but rather fuzzy, fuzzy logic can reduce false signals in determining intrusive activities. Currently, genetic algorithms have been used to train the fuzzy classifier. The main idea is to evolve fuzzy rules, one for each known attack.
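The m+1 rule structure described above, sketched as an added example that is not code from the project: one fuzzy rule per class, with the record assigned to the rule that fires most strongly. The feature names, fuzzy sets, rules, sample records and the fitness function a genetic algorithm could maximize are all assumptions made for illustration.

```python
# Added illustration: a fuzzy classifier with m+1 rules (m = 2 attacks + normal).
# Feature names, fuzzy sets, rules and sample records are all constructed.

def tri(x, a, b, c):
    """Triangular membership: 0 outside (a, c), rising to 1 at b."""
    if x <= a or x >= c:
        return 0.0
    return (x - a) / (b - a) if x <= b else (c - x) / (c - b)

# Linguistic values over features normalized to [0, 1].
FUZZY_SETS = {
    "low":    lambda x: tri(x, -0.5, 0.0, 0.5),
    "medium": lambda x: tri(x, 0.0, 0.5, 1.0),
    "high":   lambda x: tri(x, 0.5, 1.0, 1.5),
}

# One rule per class; a rule is an AND of (feature, fuzzy set) conditions.
RULES = {
    "normal":      [("conn_rate", "low"), ("fail_ratio", "low")],
    "port_scan":   [("conn_rate", "high"), ("distinct_ports", "high")],
    "brute_force": [("fail_ratio", "high"), ("distinct_ports", "low")],
}

def truth(rule, record):
    """Degree to which a record satisfies a rule (fuzzy AND = min)."""
    return min(FUZZY_SETS[s](record[f]) for f, s in rule)

def classify(record, rules=RULES):
    """Return (label, degrees). If no rule fires, report 'unknown' instead of
    defaulting to 'normal', so unseen behavior is surfaced as abnormal."""
    degrees = {label: truth(rule, record) for label, rule in rules.items()}
    best = max(degrees, key=degrees.get)
    return (best if degrees[best] > 0 else "unknown"), degrees

def fitness(rule, label, dataset):
    """Assumed GA fitness: mean truth on the rule's own class minus mean
    truth on every other class (higher = better separation)."""
    own = [truth(rule, r) for r, y in dataset if y == label]
    rest = [truth(rule, r) for r, y in dataset if y != label]
    return sum(own) / len(own) - sum(rest) / len(rest)

SAMPLES = [  # constructed, labelled records
    ({"conn_rate": 0.1, "fail_ratio": 0.05, "distinct_ports": 0.1}, "normal"),
    ({"conn_rate": 0.9, "fail_ratio": 0.2, "distinct_ports": 0.95}, "port_scan"),
    ({"conn_rate": 0.4, "fail_ratio": 0.9, "distinct_ports": 0.05}, "brute_force"),
]

if __name__ == "__main__":
    for rec, label in SAMPLES:
        print(label, "->", classify(rec)[0])
```

A record that matches no rule at all comes back as "unknown" rather than "normal", which keeps the classifier from silently passing behavior it has never been trained on.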
The work investigates the use of genetic classifier systems for evolving intrusion/anomaly detection and action rules. A classifier system is a machine-learning system. Any classifier system has a set of condition-action rules called classifiers. The classifier system learns rules that guide the system's performance in the monitored environment. A classifier system starts with some initial rules, which can be given as input, and learns new rules. It takes input from the environment, classifies it according to its classifiers, and suggests some action, which affects the environment. The environment provides feedback, from which the system learns.