Artificial Immune Clonal Selection Classification Algorithms for Classifying Malware and Benign Processes Using API Call Sequences

Machine learning is an important field of artificial intelligence in which models are generated by extracting rules and functions from large datasets. Machine learning includes a variety of methods and algorithms such as decision trees, lazy learning, k-nearest neighbors, Bayesian methods, Gaussian processes, artificial neural networks, support vector machines, kernel algorithms, and artificial immune systems (AIS). AIS are computational tools that emulate processes and mechanisms of the biological immune system. AIS use the learning, memory, and optimization capabilities of the immune system to develop computational algorithms for function optimization, pattern recognition, novelty detection, process control, and classification. Four main subfields of research have emerged in AIS, centered on prominent immunological theories: negative selection algorithms, immune network algorithms, danger theory algorithms, and clonal selection algorithms. In this paper, we will analyze the API call sequence of a process to classify it as benign or malicious. We have collected API call traces of real malware and benign processes running on the Windows operating system. We will employ eight commonly used clonal selection algorithms: AIRS1, AIRS2, AIRS2 Parallel, CLONALG, CSCA, IMMUNOS-1, IMMUNOS-81, and IMMUNOS-99. We evaluate the accuracy of these algorithms for classifying between malware and benign processes using API call sequences.
