Our previously described framework for an artificial immune server protects servers on the Internet against cyber attacks. The prototype of this artificial immune server adaptively acquired immunity against cyber attacks that exploit server vulnerabilities. This study describes our implementation of mechanisms of protection against denial of service (DoS) attacks, and their incorporation into the prototype system. Performance tests showed that, once the prototype system had learned a certain DoS attack, it could itself cause DoS through false detections. To reduce these false detections, we examined detection performance using simulated machine learning techniques. Random forest and extra trees classifiers achieved almost the highest true negative rate while combining a higher true positive rate with a faster learning speed. These findings indicate that these classifiers are suitable for mission-critical servers where high availability, including a high true negative rate and fast learning speed, is required.
Tarao, M., & Okamoto, T. (2016). Toward an Artificial Immune Server against Cyber Attacks: Enhancement of Protection against DoS Attacks. In Procedia Computer Science (Vol. 96, pp. 1137–1146). Elsevier B.V. https://doi.org/10.1016/j.procs.2016.08.156