Abstract:
Current approaches to intrusion detection are generally based on the observation of only one source of information, such as network traffic, resource usage, or logs. A more precise conclusion about an intrusion could be reached if all the available information were used. In this paper we present an approach to an Intrusion Prevention System (IPS) that addresses this problem and triggers an active response only for dangerous security events. We show how to link the Danger Theory of immunology with components of the operating system in order to synthesize an intrusion prevention system. We also propose a technique inspired by the clonal selection mechanism of the immune system which links the anomalous behavior of system processes with received network traffic and can generate new signatures of network intrusions on the fly. We discuss an implementation of this approach using a prototype that works in the kernel space of Linux. Our IPS combines signature-based and anomaly-based approaches and balances between the corresponding modules using several methods.
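The two ideas in the abstract, danger-signal fusion across several host-side sources and clonal-selection-style signature generation from the traffic a process received before it misbehaved, are shown below as a small user-space model. This is an added illustration written for this page, not code from the paper's Linux kernel prototype; the weights, threshold, time window, affinity penalty, and the sample HTTP/shellcode payloads are all assumptions chosen for the example.

```python
"""Illustrative model (added example, not the paper's kernel code) of:

  1. Danger-theory fusion: several observations about one process (syscall
     anomaly score, resource usage, log alerts) are combined into one danger
     score, and an active response fires only above a threshold. A mere
     anomaly on its own does not trigger a response.
  2. Clonal-selection signature generation: payloads the process received
     shortly before the danger signal are treated as antigens. Candidate byte
     signatures are ranked by affinity (hits on suspect traffic, penalised for
     hits on benign traffic), the best are cloned and mutated (extended by one
     observed byte), and the cycle repeats until it converges.

All weights, thresholds, window sizes and sample traffic are assumptions.
"""
from dataclasses import dataclass
from typing import List, Optional, Set


@dataclass
class Flow:
    src: str          # remote address the data came from
    ts: float         # arrival time in seconds
    payload: bytes    # application data delivered to the process


@dataclass
class ProcessObservation:
    pid: int
    syscall_anomaly: float   # 0..1 from an anomaly module (assumed scale)
    cpu_spike: float         # 0..1 normalised resource-usage deviation
    log_alerts: int          # related log alerts seen for this process
    flows: List[Flow]        # traffic received by this process


DANGER_THRESHOLD = 0.6   # assumed
WINDOW = 2.0             # seconds of traffic before the danger signal (assumed)


def danger_score(obs: ProcessObservation) -> float:
    """Weighted fusion of independent sources into a single danger signal."""
    return (0.5 * obs.syscall_anomaly
            + 0.3 * obs.cpu_spike
            + 0.2 * min(obs.log_alerts, 5) / 5)


def affinity(sig: bytes, suspects: List[Flow], benign: List[Flow]) -> int:
    """Detector affinity: suspect payloads matched, minus a penalty for every
    benign payload matched (so a signature common to all HTTP requests loses)."""
    hits = sum(sig in f.payload for f in suspects)
    false_pos = sum(sig in f.payload for f in benign)
    return hits - 2 * false_pos


def mutate(sig: bytes, suspects: List[Flow]) -> Set[bytes]:
    """Clonal expansion: extend the candidate by one byte on either side,
    using only bytes actually observed around it in suspect payloads."""
    clones: Set[bytes] = set()
    for f in suspects:
        idx = f.payload.find(sig)
        while idx != -1:
            if idx > 0:
                clones.add(f.payload[idx - 1:idx + len(sig)])
            if idx + len(sig) < len(f.payload):
                clones.add(f.payload[idx:idx + len(sig) + 1])
            idx = f.payload.find(sig, idx + 1)
    return clones


def generate_signature(suspects: List[Flow], benign: List[Flow],
                       min_len: int = 4, generations: int = 8,
                       clones: int = 5) -> Optional[bytes]:
    """Seed with every min_len-gram of one suspect payload, then repeatedly
    keep the highest-affinity (then longest) candidates and mutate them."""
    if not suspects:
        return None
    seed = suspects[0].payload
    population = {seed[i:i + min_len] for i in range(len(seed) - min_len + 1)}
    rank = lambda s: (affinity(s, suspects, benign), len(s))
    best: Optional[bytes] = None
    for _ in range(generations):
        top = sorted(population, key=rank, reverse=True)[:clones]
        if best is None or rank(top[0]) > rank(best):
            best = top[0]
        population = set(top)
        for s in top:
            population |= mutate(s, suspects)
    # Refuse a signature that does not beat the benign traffic.
    return best if best is not None and affinity(best, suspects, benign) > 0 else None


def handle(obs: ProcessObservation, danger_ts: float, benign: List[Flow]) -> dict:
    """Active response only for dangerous events: fuse the signals, and if the
    danger threshold is crossed, derive a signature from the recent traffic and
    block the sources that match it."""
    score = danger_score(obs)
    result = {"pid": obs.pid, "danger": round(score, 2),
              "respond": score >= DANGER_THRESHOLD, "signature": None, "blocked": []}
    if not result["respond"]:
        return result
    suspects = [f for f in obs.flows if danger_ts - WINDOW <= f.ts <= danger_ts]
    sig = generate_signature(suspects, benign)
    result["signature"] = sig
    result["blocked"] = sorted({f.src for f in suspects if sig and sig in f.payload})
    return result


# Constructed sample traffic: a NOP sled plus a short jump stands in for an
# exploit payload appended to otherwise ordinary HTTP requests.
SHELLCODE_TAIL = b"\x90\x90\x90\x90\xeb\x1f"
BENIGN_FLOWS = [
    Flow("10.0.0.5", 1.0, b"GET /index.html HTTP/1.1\r\nHost: srv\r\n\r\n"),
    Flow("10.0.0.6", 1.5, b"POST /upload HTTP/1.1\r\nHost: srv\r\n\r\nfield=1"),
]
ATTACK_FLOWS = [
    Flow("203.0.113.7", 9.0, b"GET /index.html HTTP/1.1\r\nHost: srv\r\n\r\nAAAA" + SHELLCODE_TAIL),
    Flow("203.0.113.9", 9.5, b"POST /upload HTTP/1.1\r\nHost: srv\r\n\r\nBBBBB" + SHELLCODE_TAIL),
]
# Constructed observations: one quiet process, one that misbehaves right after
# receiving the attack flows.
QUIET = ProcessObservation(100, syscall_anomaly=0.3, cpu_spike=0.1, log_alerts=0,
                           flows=BENIGN_FLOWS)
HIT = ProcessObservation(101, syscall_anomaly=0.9, cpu_spike=0.7, log_alerts=3,
                         flows=BENIGN_FLOWS + ATTACK_FLOWS)

if __name__ == "__main__":
    print(handle(QUIET, danger_ts=10.0, benign=BENIGN_FLOWS))
    print(handle(HIT, danger_ts=10.0, benign=BENIGN_FLOWS))
```

With the sample data the quiet process scores well under the threshold and gets no response even though its anomaly score is non-zero, which is the danger-theory point. The misbehaving process crosses the threshold; the search converges on the six-byte tail shared by both attack payloads and absent from the benign requests, while request fragments such as the `\r\n\r\n` header terminator are rejected because they also match benign traffic. The new signature can then be handed to a signature module that drops matching traffic before any process anomaly is needed.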