Intrusion detection system using optimum-path forest

Intrusion detection systems that make use of artificial intelligence techniques in order to improve effectiveness have been actively pursued in the last decade. Neural networks and Support Vector Machines have been also extensively applied to this task. However, their complexity to learn new attacks has become very expensive, making them inviable for a real time retraining. In this research, we introduce a new pattern classifier named Optimum-Path Forest (OPF) to this task, which has demonstrated to be similar to the state-of-the-art pattern recognition techniques, but extremely more efficient for training patterns. Experiments on public datasets showed that OPF classifier may be a suitable tool to detect intrusions on computer networks, as well as allow the algorithm to learn new attacks faster than the other techniques. © 2011 IEEE.

On data-centric misbehavior detection in VANETs

Detecting misbehavior (such as transmissions of false information) in vehicular ad hoc networks (VANETs) is a very important problem with wide range of implications, including safety related and congestion avoidance applications. We discuss several limitations of existing misbehavior detection schemes (MDS) designed for VANETs. Most MDS are concerned with detection of malicious nodes. In most situations, vehicles would send wrong information because of selfish reasons of their owners, e.g. for gaining access to a particular lane. It is therefore more important to detect false information than to identify misbehaving nodes. We introduce the concept of data-centric misbehavior detection and propose algorithms which detect false alert messages and misbehaving nodes by observing their actions after sending out the alert messages. With the data-centric MDS, each node can decide whether an information received is correct or false. The decision is based on the consistency of recent messages and new alerts with reported and estimated vehicle positions. No voting or majority decisions is needed, making our MDS resilient to Sybil attacks. After misbehavior is detected, we do not revoke all the secret credentials of misbehaving nodes, as done in most schemes. Instead, we impose fines on misbehaving nodes (administered by the certification authority), discouraging them to act selfishly. This reduces the computation and communication costs involved in revoking all the secret credentials of misbehaving nodes. © 2011 IEEE.

A malware detection system inspired on the human immune system

Malicious programs (malware) can cause severe damage on computer systems and data. The mechanism that the human immune system uses to detect and protect from organisms that threaten the human body is efficient and can be adapted to detect malware attacks. In this paper we propose a system to perform malware distributed collection, analysis and detection, this last inspired by the human immune system. After collecting malware samples from Internet, they are dynamically analyzed so as to provide execution traces at the operating system level and network flows that are used to create a behavioral model and to generate a detection signature. Those signatures serve as input to a malware detector, acting as the antibodies in the antigen detection process. This allows us to understand the malware attack and aids in the infection removal procedures. © 2012 Springer-Verlag.