
Artificial immune system based active intrusion detection system (AcIDS)

Posted on: 2014-09-26
Degree: M.S
Type: Thesis
University: Tennessee Technological University
Candidate: Tower, Joshua
Full Text: PDF
GTID: 2458390005496417
Subject: Computer Science
Abstract/Summary:
Artificial Immune Systems take inspiration from the immune system found in vertebrates to solve problems in various applications such as autonomic computing. In security, these systems can be used as an intrusion detection/prevention system by distinguishing self-entities from foreign-entities in order to detect malicious events. These systems typically create a binary trust either by only defining self-entities or by defining foreign-entities. Unfortunately, systems often label new information incorrectly. Furthermore, outdated or misconfigured systems can open themselves up for attack. In this thesis, a framework is proposed for an artificial immune, active intrusion detection system (AcIDS) that uses fuzzy inference in order to allow for the uncertainty of new information. AcIDS is developed in C as a loadable kernel module for the Linux operating system. This system resides in the kernel in order to intercept, analyze, learn, and potentially block system calls as they pass through the host. Testing reveals that AcIDS successfully blocks known malicious system calls while learning the benign or malicious nature of new system calls over time through grey listing. Finally, testing reveals that AcIDS performs with an acceptable overhead of 24.5% to overall host performance. This increase is incurred during file I/O, so it could be considered acceptable even in high performance computing environments where file I/O is already a bottleneck.
Keywords/Search Tags: System, Artificial immune, Acids, Intrusion