Anomaly Detection Using Self/Nonself
Discrimination for the Linux kernel
Author: Lars Olsson, University of Sussex
How should a system be designed in order to survive? If one looks at animals, which are experts at survival, they all seem to share some common design ideas. One of the most important ideas is that of homeostasis. Homeostasis is basically a way of maintaining stability, for example keeping a constant body temperature, through sensors and actuators coupled in feedback loops. One system existing in all mammals is the immune system that can distinguish between cells belonging to the animal (self) and cells not belonging to the animal (nonself). Once a foreign cell is found by the immune system, it is eliminated. The work presented in this paper investigates how ideas taken from biology can be used to create computer systems that can protect themselves with as little human help as possible. More specifically, we describe an extension to the Linux kernel that learns how to distinguish self from nonself.