Integrated Negative Selection Algorithm and Positive Selection Algorithm for malware detection

Run-time malware detection strategies are efficient and robust, and they are receiving more and more attention. In this paper, we use I/O Request Package (IRP) sequences for malware detection. N-gram analysis is applied to the IRP sequences for feature extraction. By integrating the Negative Selection Algorithm (NSA) and the Positive Selection Algorithm (PSA) to select n-gram sequences that exist only in malware IRP sequences, we achieve a true positive rate of more than 96% and a false positive rate of 0%.
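The selection step described in the abstract can be sketched as follows. This is an added example, not the authors' code: the n-gram length of 3, the `min_hits` threshold, the function names and the IRP traces are all constructed assumptions, and only the IRP major function names are real Windows identifiers.

```python
from typing import Iterable, Sequence, Set, Tuple

NGram = Tuple[str, ...]
N = 3  # assumed n-gram length; the abstract does not state one

def ngrams(trace: Sequence[str], n: int) -> Set[NGram]:
    """Distinct length-n windows of one IRP trace (empty if the trace is shorter than n)."""
    return {tuple(trace[i:i + n]) for i in range(len(trace) - n + 1)}

def build_detectors(malware: Iterable[Sequence[str]],
                    benign: Iterable[Sequence[str]], n: int) -> Set[NGram]:
    """Positive selection keeps n-grams observed in malware traces;
    negative selection discards every one that also occurs in a benign trace."""
    in_malware = set().union(*(ngrams(t, n) for t in malware))
    in_benign = set().union(*(ngrams(t, n) for t in benign))
    return in_malware - in_benign

def is_malicious(trace: Sequence[str], detectors: Set[NGram],
                 n: int, min_hits: int = 1) -> bool:
    """Flag a trace when at least min_hits of its n-grams are malware-only detectors."""
    return len(ngrams(trace, n) & detectors) >= min_hits

# Constructed sample traces (not captured data), one IRP major function per request.
C, R, W = "IRP_MJ_CREATE", "IRP_MJ_READ", "IRP_MJ_WRITE"
Q, S = "IRP_MJ_QUERY_INFORMATION", "IRP_MJ_SET_INFORMATION"
D, CL, X = "IRP_MJ_DIRECTORY_CONTROL", "IRP_MJ_CLEANUP", "IRP_MJ_CLOSE"

BENIGN_TRAIN = [[C, R, R, CL, X], [C, Q, W, CL, X]]
MALWARE_TRAIN = [[C, R, W, S, W, CL, X], [C, D, R, W, S, X]]
DETECTORS = build_detectors(MALWARE_TRAIN, BENIGN_TRAIN, N)

UNSEEN_BENIGN = [C, R, R, R, CL, X]
UNSEEN_MALWARE = [C, R, R, W, S, X]

if __name__ == "__main__":
    print(len(DETECTORS), "detectors")
    print("benign flagged: ", is_malicious(UNSEEN_BENIGN, DETECTORS, N))
    print("malware flagged:", is_malicious(UNSEEN_MALWARE, DETECTORS, N))
```

By construction no trace in the benign training set can match a detector, but an unseen benign trace still can, so the false positive rate has to be measured on held-out traces.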
