
Dynamic detection for computer virus based on immune system. (English) Zbl 1210.94091

Summary: Inspired by the biological immune system, a new dynamic detection model for computer viruses based on the immune system is proposed. A quantitative description of the model is given. The problem of dynamically describing self and nonself in a computer virus immune system is solved, which reduces the size of the self set. The new concept of dynamic tolerance, as well as new mechanisms of gene evolution and gene coding for immature detectors, are presented, improving the efficiency of generating mature detectors and reducing the false-negative and false-positive rates. The difficult problem that the detector training cost is exponentially related to the size of the self set in a traditional computer immune system is thus overcome. Theoretical analysis and experimental results show that the proposed model has better time efficiency and detecting ability than the classic model ARTIS.

MSC:

94A60 Cryptography
68P25 Data encryption (aspects in computer science)
92B20 Neural networks for/in biological studies, artificial life and related topics
