Enhancing Malware Detection using Innate Immunization

IT Convergence and Security 2012, 2013

Artificial immune system (AIS) is a computational system inspired by the principles and processes of the Biological immune system which has the capabilities to learn, adapt, self tolerance and memories actions, which make it a good example that we can take for solving some major problems in many fields, including the problem of malware detection in the field of computer security. The main idea is to detect any type of files that trying to harm the computer system by infecting some executable software when these files running, spread it to other files or computers. In this paper, we proposed a framework to detect malware using the innate immune system combined with danger theory to eliminate tow major drawbacks of current malware detection methods; detection accuracy and high false positive alarms.

Proceedings of the International Conference on IT …, 2012

Using artificial immune system techniques for malware detection has two major benefits. First, increasing the ability to come over some of the traditional detector's drawbacks, like dealing with the new and polymorphic malware and the increased number of false alarms caused by wrong decision. Second take advantages of the capabilities to learn, adapt, self-tolerance and memories actions, which make it a good example that we can take for solving some major problems in many fields, including the problem of malware detection in computer security which suffering from the rapid increasing in the malware and the problem of false positive alarms. In this paper, we try to highlight the recent techniques applied in malware detection using the artificial immune system from two points of view: self-nonself theory, danger theory.

2008 Ninth ACIS International Conference on Software Engineering, Artificial Intelligence, Networking, and Parallel/Distributed Computing, 2008

Malicious code is a threat to computer systems globally. In this paper, we outline the evolution of malicious code attacks. The threat is evolving, leaving challenges for attackers to improve attack techniques and for researchers and security specialists to improve detection accuracy. We present a novel architecture for an effective defense against malicious code attack, inspired by the human immune system. We introduce two phases of program execution: Adolescent and Mature Phase. The first phase uses a malware profile matching mechanism, whereas the second phase uses a program profile matching mechanism. Both mechanisms are analogous to the innate immune system.

International Journal of Computing, 2014

This paper presents an approach for solving unknown computer viruses detection problem based on the Artificial Immune System (AIS) method, where immune detectors represented neural networks. The AIS is the biologically-inspired technique which have powerful information processing capabilities that makes it attractive for applying in computer security systems. Computer security systems based on AIS principles allow detect unknown malicious code. In this work we are describing model build on the AIS approach in which detectors represent the Learning Vector Quantization (LVQ) neural networks. Basic principles of the biological immune system (BIS) and comparative analysis of unknown computer viruses detection for different antivirus software and our model are presented.

IJCSIS, 2012

Most signature−based antivirus products are effective to detect known malwares but not unknown malwares or malwares' variants, which make them often lag behind malwares. Also most antivirus approaches are complex for two reasons. First, lots of malicious and benign codes as training dataset are difficult to collect. Second, they would consume lots of times when training classifiers. Immunity PE Malware Detection System (IPEMDS) was designed to give computer systems PE homeostatic capabilities analogous to those of the human immune system. Because the constraints of living and computational systems are very different, however, we cannot create a useful computer security mechanism by merely imitating biology. IPEMDS approach has been first to choose a set of requirements similar to those of the immune system. It then created abstractions that captured some of the important characteristics of biological homeostatic systems and then used these abstractions to guide the design of two levels of defense called them IPEMDS. The goal of IPEMDS are to obtain high detection rate and a very low false positive. IPEMDS enter in a challenge to a chief this goal from depending only on a finite numbers of benign files to classify between a new benign and malware executable files, and both of them unseen before by IPEMDS.

In this paper we present the basic principles of the evolution of detectors in intelligent malware detection system. This system based on integration of both AI methods: artificial neural networks and artificial immune systems. The goal of the evolution is adaptation of detectors to new, unknown malicious code for increasing of quality of detection.

This paper presents a structure, learning rule and functioning of immune detectors based on artificial neural network. Neuronet immune detectors are key elements of neuronet artificial immune system for malware detection. Combinations of artificial immune system method and artificial neural network methot make it possible to construct security system of next generation.

IJCSNS, 2010

2009

Abstract A virus detection system (VDS) based on artificial immune system (AIS) is proposed in this paper. VDS at first generates the detector set from virus files in the dataset, negative selection and clonal selection are applied to the detector set to eliminate autoimmunity detectors and increase the diversity of the detector set in the non-self space respectively. Two novel hybrid distances called hamming-max and shift r bit-continuous distance are proposed to calculate the affinity vectors of each file using the detector set.

Computing Research Repository, 2010

The analysis of system calls is one method employed by anomaly detection systems to recognise malicious code execution. Similarities can be drawn between this process and the behaviour of certain cells belonging to the human immune system, and can be applied to construct an artificial immune system. A recently developed hypothesis in immunology, the Danger Theory, states that our immune