
Immunity-Based Model for Malicious Code Detection

  • Conference paper
Advanced Intelligent Computing Theories and Applications (ICIC 2010)

Part of the book series: Lecture Notes in Computer Science (LNTCS, volume 6215)

Abstract

More and more unknown malware hides itself in the operating system kernel, which makes it difficult for traditional antivirus software to detect. Inspired by the biological immune system, we proposed a novel immunity-inspired model for malware detection (IMD). The IMD model extracts the sequence of I/O Request Packets (IRPs) produced by a process running in kernel mode as the antigen, defines normal benign programs as self programs, and defines malware as nonself programs. Through process behavior monitoring and family gene analysis, the model can monitor the evolution of malware. The model generates immature antibodies by vaccination, produces mature antibodies by clonal selection and gene evolution, and then uses the mature antibodies to learn and evolutionarily identify unknown malware. Experiments show that the proposed model for unknown malware detection has a high detection rate, a low false-positive rate, and a low omission rate.




Copyright information

© 2010 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Zhang, Y., Wu, L., Xia, F., Liu, X. (2010). Immunity-Based Model for Malicious Code Detection. In: Huang, DS., Zhao, Z., Bevilacqua, V., Figueroa, J.C. (eds) Advanced Intelligent Computing Theories and Applications. ICIC 2010. Lecture Notes in Computer Science, vol 6215. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-14922-1_49


  • DOI: https://doi.org/10.1007/978-3-642-14922-1_49

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-14921-4

  • Online ISBN: 978-3-642-14922-1

  • eBook Packages: Computer Science, Computer Science (R0)
