A Virus Detection System Based on Artificial Immune System

A virus detection system (VDS) based on an artificial immune system (AIS) is proposed in this paper. VDS first generates the detector set from the virus files in the dataset; negative selection and clonal selection are then applied to the detector set to eliminate autoimmunity detectors and to increase the diversity of the detector set in the non-self space, respectively. Two novel hybrid distances, called hamming-max and shift r bit-continuous distance, are proposed to calculate the affinity vector of each file using the detector set. The affinity vectors of the training set and the testing set are used to train and test classifiers, respectively. VDS compares the detection rates of three classifiers, k-nearest neighbor (KNN), RBF networks and SVM, when the detectors are 32 bits and 64 bits long. The experimental results show that the proposed VDS has a strong detection ability and good generalization performance.
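
The detector-generation, negative-selection and affinity-vector stages described above, as an added sketch that is not the paper's code. It assumes 32-bit detectors cut as sliding windows and a 2-bit tolerance, uses plain Hamming distance as a stand-in for the paper's hamming-max and shift r bit-continuous distances (which this page does not define), and omits clonal selection and the classifiers; all sample files are constructed byte strings.

```python
# Added illustration; the sample "files" are constructed byte strings, not real samples.
DETECTOR_BYTES = 4   # 32-bit detectors (the abstract also evaluates 64-bit)
TOLERANCE = 2        # assumed: a detector within 2 bits of benign content is autoimmune

VIRUS_TRAIN = [b"MZ\x90\x00\xde\xad\xbe\xef\x13\x37",
               b"MZ\x90\x00\xfa\xce\xb0\x0c\xde\xad"]
BENIGN_TRAIN = [b"MZ\x90\x00hello, world",
                b"MZ\x90\x00plain text file"]


def windows(data, n=DETECTOR_BYTES):
    """Every n-byte sliding window of a file, as a set of integers."""
    return {int.from_bytes(data[i:i + n], "big") for i in range(len(data) - n + 1)}


def hamming(a, b):
    """Number of differing bits (stand-in for the paper's hybrid distances)."""
    return bin(a ^ b).count("1")


def nearest(detector, file_windows):
    """Smallest Hamming distance from a detector to any window of a file.
    A file shorter than one detector has no windows: report the maximum distance."""
    return min((hamming(detector, w) for w in file_windows), default=DETECTOR_BYTES * 8)


def build_detectors(virus_files, benign_files, tolerance=TOLERANCE):
    """Cut candidates from virus files, then apply negative selection:
    drop any candidate that lies within `tolerance` bits of benign (self) content."""
    candidates = set().union(*(windows(f) for f in virus_files))
    self_space = set().union(*(windows(f) for f in benign_files))
    return sorted(d for d in candidates if nearest(d, self_space) > tolerance)


def affinity_vector(data, detectors):
    """One feature per detector: how closely the file matches it (0 = exact match)."""
    file_windows = windows(data)
    return [nearest(d, file_windows) for d in detectors]


if __name__ == "__main__":
    detectors = build_detectors(VIRUS_TRAIN, BENIGN_TRAIN)
    variant = b"MZ\x90\x00\x00\x00\xde\xad\xbe\xee"   # constructed one-bit variant
    clean = b"MZ\x90\x00another document"             # constructed benign file
    for name, data in (("variant", variant), ("clean", clean)):
        print(name, affinity_vector(data, detectors))
```

The shared `MZ\x90\x00` header window is removed by negative selection because it also occurs in the benign files, so it cannot raise false positives; the resulting vectors are what a classifier such as KNN would be trained on.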
