Abstract
Generic computer virus detection is an urgent need, because most commercial antivirus products fail to detect unknown and new Windows PE viruses. Motivated by the success of immune-based techniques in intrusion detection systems, recent research in computer virus detection has turned towards efficient non-signature-based techniques. We observe that every Windows PE virus, whether or not it is encrypted, must contain a relocation module to relocate its variables or constants inside the infected program. Because of this unique characteristic, the relocation module of a virus can be extracted and used as an antibody in an immune system to detect the corresponding antigens. In this paper we present a novel Windows PE virus detection approach that draws inspiration from artificial immune systems and from the structure of the virus relocation module. The structure of Windows PE viruses is analyzed in detail, and the dynamic evolution of self and nonself, the presentation of the antigen, and the generation of the antibody are proposed. Experimental results indicate that this approach not only achieves a higher detection rate for unknown Windows PE viruses than earlier methods, but also offers better self-adaptation and self-learning capability.
Copyright information
© 2008 Springer-Verlag Berlin Heidelberg
Cite this paper
Zhang, Y., Li, T., Sun, J., Qin, R. (2008). A Novel Immune Based Approach for Detection of Windows PE Virus. In: Tang, C., Ling, C.X., Zhou, X., Cercone, N.J., Li, X. (eds) Advanced Data Mining and Applications. ADMA 2008. Lecture Notes in Computer Science, vol 5139. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-88192-6_24
DOI: https://doi.org/10.1007/978-3-540-88192-6_24
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-88191-9
Online ISBN: 978-3-540-88192-6
eBook Packages: Computer Science (R0)