This book deals with malware detection in terms of Artificial Immune System (AIS), and presents a number of AIS models and immune-based feature extraction approaches as well as their applications in computer security
* Covers all of the current achievements in computer security based on immune principles, which were obtained by the Computational Intelligence Laboratory of Peking University, China
* Includes state-of-the-art information on designing and developing artificial immune systems (AIS) and AIS-based solutions to computer security issues
* Presents new concepts such as immune danger theory, immune concentration, and class-wise information gain (CIG)
Autorentext
Ying Tan, PhD, is a Professor of Peking University, China. Dr. Tan is also the director of CIL@PKU. He serves as the editor-in-chief of International Journal of Computational Intelligence and Pattern Recognition, associate editor of IEEE Transactions on Cybernetics, IEEE Transactions on Neural Networks and Learning Systems, and International Journal of Swarm Intelligence Research, and also as an Editor of Springer's Lecture Notes on Computer Science (LNCS). He is the founder and chair of the ICSI International Conference series. Dr. Tan is a senior member of the IEEE, ACM, and CIE. He has published over two-hundred papers in refereed journals and conferences in areas such as computational intelligence, swarm intelligence, data mining, and pattern recognition for information security.
Klappentext
This book provides state-of-the-art information on the use, design, and development of the Artificial Immune System (AIS) and AIS-based solutions to computer security issues.
Artificial Immune System: Applications in Computer Security focuses on the technologies and applications of AIS in malware detection proposed in recent years by the Computational Intelligence Laboratory of Peking University (CIL@PKU). It offers a theoretical perspective as well as practical solutions for readers interested in AIS, machine learning, pattern recognition and computer security.
The book begins by introducing the basic concepts, typical algorithms, important features, and some applications of AIS. The second chapter introduces malware and its detection methods, especially for immune-based malware detection approaches. Successive chapters present a variety of advanced detection approaches for malware, including Virus Detection System, K-Nearest Neighbour (KNN), RBF networks, and Support Vector Machines (SVM), Danger theory, Negative Selection Algorithms (NSA), Immune concentration, and immune cooperative mechanism based learning (ICL) framework. The book concludes by presenting a new statistic named Class-Wise Information Gain (CIG), which can select features with the highest information content for a specific class in a problem, as well as efficiently detect malware loaders and infected executables in the wild.
Important features of this book:
- Presents established and developed immune models for malware detection
- Includes state-of-the-art malware detection techniques
- Covers all of the current achievements in computer security based on immune principles, which were obtained by CIL@PKU, China
This book is designed for a professional audience who wish to learn about state-of-the-art AIS and AIS-based malware detection approaches.
Inhalt
Preface xiii
About Author xxi
Acknowledgements xxiii
1 Artificial Immune System 1
1.1 Introduction 1
1.2 Biological Immune System 2
1.2.1 Overview 2
1.2.2 Adaptive Immune Process 3
1.3 Characteristics of BIS 4
1.4 Artificial Immune System 6
1.5 AIS Models and Algorithms 8
1.5.1 Negative Selection Algorithm 8
1.5.2 Clonal Selection Algorithm 9
1.5.3 Immune Network Model 11
1.5.4 Danger Theory 12
1.5.5 Immune Concentration 13
1.5.6 Other Methods 14
1.6 Characteristics of AIS 15
1.7 Applications of Artificial Immune System 16
1.7.1 Virus Detection 16
1.7.2 Spam Filtering 16
1.7.3 Robots 20
1.7.4 Control Engineering 21
1.7.5 Fault Diagnosis 22
1.7.6 Optimized Design 22
1.7.7 Data Analysis 22
1.8 Summary 22
2 Malware Detection 27
2.1 Introduction 27
2.2 Malware 28
2.2.1 Definition and Features 28
2.2.2 The Development Phases of Malware 29
2.3 Classic Malware Detection Approaches 30
2.3.1 Static Techniques 31
2.3.2 Dynamic Techniques 31
2.3.3 Heuristics 32
2.4 Immune Based Malware Detection Approaches 34
2.4.1 An Overview of Artificial Immune System 34
2.4.2 An Overview of Artificial Immune System for Malware Detection 35
2.4.3 An Immune Based Virus Detection System Using Affinity Vectors 36
2.4.4 A Hierarchical Artificial Immune Model for Virus Detection 38
2.4.5 A Malware Detection Model Based on a Negative Selection Algorithm with Penalty Factor 2.5 Summary 43
3 Immune Principle and Neural Networks Based Malware Detection 47
3.1 Introduction 47
3.2 Immune System for Malicious Executable Detection 48
3.2.1 Non-self Detection Principles 48
3.2.2 Anomaly Detection Based on Thickness 48
3.2.3 Relationship Between Diversity of Detector Representation and Anomaly Detection Hole 48
3.3 Experimental Dataset 48
3.4 Malware Detection Algorithm 49
3.4.1 Definition of Data Structures 49
3.4.2 Detection Principle and Algorithm 49
3.4.3 Generation of Detector Set 50
3.4.4 Extraction of Anomaly Characteristics 50
3.4.5 Classifier 52
3.5 Experiment 52
3.5.1 Experimental Procedure 53
3.5.2 Experimental Results 53
3.5.3 Comparison With Matthew G. Schultz's Method 55
3.6 Summary 57
4 Multiple-Point Bit Mutation Method of Detector Generation 59
4.1 Introduction 59
4.2 Current Detector Generating Algorithms 60
4.3 Growth Algorithms 60
4.4 Multiple Point Bit Mutation Method 62
4.5 Experiments 62
4.5.1 Experiments on Random Dataset...