Artificial Immune Systems, Intrusion Detection and Disruption Tolerant Networks

in security •  8 years ago  (edited)

Introduction

Today we will examine the concept of the artificial immune system. In one of my previous blog posts I discussed biomimicry and how it relates to information security. We will revisit biomimicry in the form of artificial immune systems. I will explain how DTNs (disruption tolerant networks / delay tolerant networks) function and how they may be used to improve security in the Internet of Things. I will discuss a new whitepaper for an in-development decentralized application called IOTA, which utilizes DAGs. Finally, I will combine all of these technologies into an example of how they might converge in the near future.

“The thesis presents nine design principles for the second generation’s artificial immune systems. The first principle is that artificial immune systems are represented as autonomous agents. The second principle states problems when AIS are represented as antigens or external (intrusion) signals. The third principle states that the aim of the second generation AIS is to maintain themselves and their environments. The fourth principle defines the functions of agents being to capture antigens, to process, to present, to recognize, to monitor, process and produce signals [4]. The fifth design principle states that agents have a life cycle. The sixth design principle states that agents communicate with the environment at multiple levels. The seventh design principle states that signals can be externally or internally produced. The eighth design principle states that receptors can be specific, internal or external signals. The last principle states that agents can specialize in specific tasks” (Singh, 2015).

Using artificial immune systems for intrusion detection

The design principles above show that you can represent an artificial immune system as autonomous agents. In the human body homeostasis must be maintained, and similarly in a network the equivalent of homeostasis must be maintained. Artificial immune systems in the context of network security can be used to detect an anomaly or intrusion (IDS) and then respond to the anomaly or intrusion (IRS). Just as with the immune system in the human body, when an intrusion is detected the intrusion response system is activated in real time, and an immune sequence then takes place to neutralize the threat. Following the architecture illustrated in Singh's paper would require a sensor network of secure autonomous agents, which are given the tasks of performing vulnerability analysis, intrusion detection, incident response and security management.
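One way to make the detect-then-respond loop concrete is negative selection, a classic artificial immune system algorithm. This is an added example, not code from the original post or from Singh's paper; the device names, the three telemetry features, the matching radius and the sample values are all constructed assumptions.

```python
from itertools import product

# Constructed "self" samples: normal telemetry of a hypothetical IoT device,
# scaled to 0..1 as (packet rate, distinct destination ports, outbound volume).
SELF = [(0.10, 0.05, 0.12), (0.12, 0.06, 0.10), (0.15, 0.05, 0.14),
        (0.11, 0.04, 0.11), (0.14, 0.07, 0.13)]
RADIUS = 0.15  # assumed matching radius, shared by training and monitoring


def dist(a, b):
    """Euclidean distance between two feature vectors."""
    return sum((x - y) ** 2 for x, y in zip(a, b)) ** 0.5


def train_detectors(self_set, steps=10, radius=RADIUS):
    """Negative selection: discard every candidate that matches 'self'.

    Candidates lie on a fixed grid (instead of being drawn at random)
    so that the run is reproducible.
    """
    axis = [i / steps for i in range(steps + 1)]
    return [c for c in product(axis, repeat=3)
            if all(dist(c, s) > radius for s in self_set)]


def is_anomalous(sample, detectors, radius=RADIUS):
    """Detection (IDS): a sample is 'non-self' if any detector matches it."""
    return any(dist(sample, d) <= radius for d in detectors)


def respond(device, sample, detectors):
    """Response (IRS): isolate a device whose telemetry matches a detector."""
    if is_anomalous(sample, detectors):
        return f"quarantine {device}"
    return f"allow {device}"


if __name__ == "__main__":
    detectors = train_detectors(SELF)
    print(len(detectors), "detectors survived censoring")
    print(respond("thermostat", SELF[0], detectors))          # known-normal sample
    print(respond("camera", (0.12, 0.90, 0.10), detectors))   # many ports touched
```

Because training and monitoring use the same radius, a sample that was in the "self" set can never trigger a detector; anything the detectors do match lies outside the learned normal region.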

What are delay tolerant networking / disruption tolerant networks?

To provide clarity: depending on which circle you are in, you may have heard DTNs referred to as either delay tolerant networks or disruption tolerant networks. Both names describe networks that function the same way, but disruption tolerant networking is the term favored by DARPA and connected groups.


Disruption tolerant networking was developed for use in space and in military situations where connectivity varies with conditions but delivery of the message is critical. Ad-hoc mobile networks can benefit from a DTN, and they can be incredibly resilient: the nodes can be drones, wearable computers or vehicles, all of which may constantly be in motion, carrying payloads which must wait until a peer capable of receiving them is found.

DTNs will be increasingly relevant in the Internet of Things era of computing because MANETs (mobile ad-hoc networks) and VANETs (vehicular ad-hoc networks) will be among the “things” in the IoT.

What is Iota and why is it relevant?

Iota is a design for a micropayment platform. At this time it is unknown whether it will be a success, but from what is known about the project, it uses a DAG (directed acyclic graph) to allow for micropayments without a global blockchain, so that value can be transmitted over the Internet of Things. Iota uses a braid-like structure rather than a tree-like structure, and in doing so it doesn't require as many resources.

A graph can represent the nodes within an ad-hoc network. The DAG can produce a causal graph which can function as an immutable history of the relationships between the nodes. In the case of transactions it may be possible to use a DAG to secure transactions by utilizing “cumulative weights” (Popov, 2015). It must be noted that Iota has not been tested, and what is currently presented is theoretical rather than a practical empirical result.
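A sketch of how a cumulative weight is computed over such a graph, using the definition in Popov's paper: a transaction's own weight plus the own weights of every transaction that directly or indirectly approves it. This is an added example, not code from Iota or from the original post; the six-transaction graph, the unit weights and the function names are constructed for illustration.

```python
from collections import deque

# Constructed sample DAG: transaction -> transactions it directly approves.
# "genesis" approves nothing; every own weight is 1 in this sample.
APPROVES = {
    "genesis": [],
    "a": ["genesis"],
    "b": ["genesis"],
    "c": ["a", "b"],
    "d": ["a"],
    "e": ["c", "d"],
}
OWN_WEIGHT = {tx: 1 for tx in APPROVES}


def approvers_index(approves):
    """Invert the edges: transaction -> transactions that directly approve it."""
    index = {tx: [] for tx in approves}
    for tx, parents in approves.items():
        for parent in parents:
            index[parent].append(tx)
    return index


def cumulative_weight(tx, approves, own_weight):
    """Own weight of tx plus the own weights of all direct/indirect approvers."""
    index = approvers_index(approves)
    seen, queue = {tx}, deque([tx])
    while queue:
        for child in index[queue.popleft()]:
            if child not in seen:  # count an approver once, even via two paths
                seen.add(child)
                queue.append(child)
    return sum(own_weight[t] for t in seen)


def tips(approves):
    """Transactions that nothing has approved yet."""
    return sorted(tx for tx, ch in approvers_index(approves).items() if not ch)


if __name__ == "__main__":
    for tx in APPROVES:
        print(tx, cumulative_weight(tx, APPROVES, OWN_WEIGHT))
    print("tips:", tips(APPROVES))
```

Older transactions accumulate weight as later ones build on them, which is why a freshly attached transaction with few approvers carries little assurance.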

What could we do with these technologies in combination?

Combining DTN, Iota and the artificial immune system approach to security may produce some intriguing results. DTNs are incredibly resilient, useful for mobile networks within a city, and useful for building ad-hoc networks on which to run an IoT. Iota, with its experimental micropayments platform, could allow for secure payments so that all mobile nodes in the ad-hoc network can transmit value to pay a toll for information storage and transmission. The artificial immune system, if developed properly, could be used to prevent various connected components from being hacked, such as components in a vehicle or interconnected gadgets. Where there is an anomaly or an intrusion in any of the lesser components in the network, greater components in the network could theoretically develop an immunity in real time to contain the threat.

References

Cochran, T. O. (2015). Immunology Inspired Detection of Data Theft from Autonomous Network Activity.

Popov, S. (n.d.). The tangle. Retrieved November 24, 2015, from http://188.138.57.93/tangle.pdf

Singh, A. (2015). Incorporation of Human Resistant System and Network Security System to improve Computer Security.

If you like this article, check out my other posts.


@dana-edwards This isn't a rebuttal but it is a different perspective.

I read the IOTA whitepaper awhile back and had some talks via email with the members of the IOTA team. The concept is nice but there is no solution to doing double spends that doesn't fall down horribly once you follow it to its logical conclusion. Basically you have to trust that you are getting valid information on the fly from your nearest neighbors because there is no "blockchain" to download and validate. Instead it's a graph. Also I'm not so sure it really qualifies as a directed acyclical graph, seemed to me more like a 2 way response request graph. Like a giant distributed mempool.

This allows the system to be fault tolerant and easier to deploy because you don't need a copy of every transaction since the beginning of time. You can just ask your neighbors who ask their neighbors and eventually you get a more complete picture as to the history of that spend.

However it means you have to trust your nearest neighbor despite having no reason to. A malicious attacker could control the entire network with less than 10% of the total nodes. Their answer is to build it into enough devices that it becomes impractical to obtain that necessary 10%.

I wish them the best of luck, but I'm not bagholdin that one

DTNs are already an important part of the world. The internet itself is a DTN. The TCP/IP protocol was the world's first wide scale implementation of a DTN. The theory being that if the Soviets bombed our infrastructure into the Stone Age our military would still be able to communicate and mount an appropriate response.

It does this by detecting damage and routing around it. Having been here on the internet for most of its life, I always find it amusing when people try to reinvent it.

Old grey beard saying, "Those who fail to understand TCP/IP are doomed to re-implement it... poorly".

I do like this topic though. TCP/IP is one example, the old usenet "store and forward" method is another.

I am having a hard time relating your concept of an artificial immune system to the topics though. This seems to me to be just a natural advancement of current security hardening techniques. Or am I missing the point?

If your neighbors are household devices then what is the issue? For an IoT it could work because you don't really need a blockchain for your devices, machine to machine. Of course I could be wrong.

As far as DTN goes, the DTN is a more resilient way of doing things. TCP/IP does have some properties for that built into the protocol but we are talking about IoT and TCP/IP alone is not good enough for moving devices.

Artificial immune systems relate not only to this topic but also to Steemit. If you look at the bot issue then you might be able to solve it by creating an artificial immune system which functions to keep the entire ecosystem of bots in a sort of delicate balance. It relates to one of your own posts about bots.

And a bot is just at best an autonomous agent. So when we are talking about autonomous agents we could be talking about bots or drones. In the context of an intrusion detection system you can use an artificial immune system to provide a layer of security for an IoT, but I'll have to provide more details about how that is possible in a future post.

If you want to investigate on your own, consider looking into how an artificial immune system can benefit Steemit in an environment with swarms of bots, and consider the vulnerabilities an IoT network could have in the context of a smart home for example and how an artificial immune system could function to detect intrusions, or hostile changes.

Please promise me we aren't ushering in this...


What I think of when I hear "internet of things"!

I need sleep, been up all night on steemit again. Will re-read your stuff and comment again in the morning.


this is what i need :) some knowledge in STEEMIT XD thanks @dana-edwards

wow cool
vote done @dana-edwards
@stellabelle nice

I really tried to read but I didn't understand anything

ha ha! Hilarious confession.

I'm just an honest guy @stellabelle

Sorry, it's not geared toward the general audience but more for people deeply interested in information security and new technologies like Iota. It's also cutting edge because it cites academic literature which is not well known even among some information security experts.

now I understand what you say, thank you for explaining

I guess that explains the downvote.

This is really fascinating. I learned a lot from the first video. I appreciate your high-quality content very much. I'll need to spend several weeks digesting all your information. Great job.

I gotta read it again to fully understand it.

For a summary and review of some of dana-edwards' articles, see The best of @dana-edwards: Summary and Analysis of Swarm AI.

You mention the IoT as a carrier of information (value) in your post. You seem well versed in blockchain tech, do you see the IoT / Cloud / Fog / Mist taking up the blockchain in tangible user experiences anytime soon?

Are we going toward an era where our mirror will give us a push notification and integrate with the Steemit chain while we brush our hair?

I can't predict the future of IOT or of Steemit. I can say the future is currently looking very bright for both, as long as it's not over regulated.
