DOI: 10.1145/1143997.1144016

A retrovirus inspired algorithm for virus detection & optimization

Published: 08 July 2006

Abstract

In the search for a robust and efficient algorithm to be used for computer virus detection, we have developed an artificial immune system genetic algorithm (REALGO) based on the human immune system's use of reverse transcription ribonucleic acid (RNA). The REALGO algorithm provides memory such that during a complex search the algorithm can revert back to and attempt to mutate in a different "direction" in order to escape local minima. In lieu of non-existing virus generic templates, validation is addressed by using an appropriate variety of function optimizations with landscapes believed to be similar to that of virus detection. It is empirically shown that the REALGO algorithm finds "better" solutions than other evolutionary strategies in four out of eight test functions and finds equally "good" solutions in the remaining four optimization problems.

Reviews

Cheer-Sun Yang

Virus attacks are a fatal threat to all computing systems. Currently, most virus detection methods are based on searching for a virus signature in a suspicious file, to determine if the file contains a specific virus. However, if the signature is mutated, the virus cannot be detected without additional work. This paper focuses on the additional work required. This research is known as clone selection with functional optimization, and is in the area of artificial intelligence (AI). Since every virus signature must be stored and compared to every computer input file, this process of machine learning is time critical. The actual contribution of this paper is in the improvement of a classical approach with a backtracking known as reverse transcription, with the goal of improving the performance to search for a mature clone.

For beginners in this area, this paper is not a good start, for three main reasons. First, since the authors’ work strongly depends on the work of others, they refer readers to other papers, without discussing them. Second, the convergence of the authors’ method is not discussed. Last, the concept of “searching with backtracking” is only tested with benchmarks for proving function optimizations; the effectiveness of detecting new viruses is not tested. However, that seems to be the status quo on anti-virus systems research.

In summary, this work is a small step toward an ultimate goal of creating an immune system against computer viruses. It is an advanced reference on applied research into anti-virus methods.

Online Computing Reviews Service


Published In

GECCO '06: Proceedings of the 8th annual conference on Genetic and evolutionary computation
July 2006
2004 pages
ISBN: 1595931864
DOI: 10.1145/1143997

Publisher

Association for Computing Machinery

New York, NY, United States


Author Tags

  1. RNA
  2. computer virus
  3. detection
  4. function optimization
  5. genetic algorithms
  6. memetic
  7. security

Qualifiers

  • Article

Conference

GECCO06: Genetic and Evolutionary Computation Conference
July 8 - 12, 2006
Seattle, Washington, USA

Acceptance Rates

GECCO '06 Paper Acceptance Rate 205 of 446 submissions, 46%;
Overall Acceptance Rate 1,669 of 4,410 submissions, 38%

Article Metrics

  • Downloads (Last 12 months): 0
  • Downloads (Last 6 weeks): 0
Reflects downloads up to 14 Feb 2025

Cited By

  • (2020) A self-adaptive virus optimization algorithm for continuous optimization problems. Soft Computing - A Fusion of Foundations, Methodologies and Applications 24:17 (13147-13166). DOI: 10.1007/s00500-020-04730-0. Online publication date: 1-Sep-2020
  • (2019) Nowhere Metamorphic Malware Can Hide - A Biological Evolution Inspired Detection Scheme. Dependability in Sensor, Cloud, and Big Data Systems and Applications (369-382). DOI: 10.1007/978-981-15-1304-6_29. Online publication date: 5-Nov-2019
  • (2017) Evolutionary computation in network management and security. Proceedings of the Genetic and Evolutionary Computation Conference Companion (1094-1112). DOI: 10.1145/3067695.3067726. Online publication date: 15-Jul-2017
  • (2017) Can genetic algorithms help virus writers reshape their creations and avoid detection? Journal of Experimental & Theoretical Artificial Intelligence 29:6 (1297-1310). DOI: 10.1080/0952813X.2017.1354078. Online publication date: 19-Jul-2017
  • (2017) Combining the big data analysis and the threat intelligence technologies for the classified protection model. Cluster Computing 20:2 (1035-1046). DOI: 10.1007/s10586-017-0813-8. Online publication date: 1-Jun-2017
  • (2017) Feature Creation Using Genetic Algorithms for Zero False Positive Malware Classification. EVOLVE - A Bridge between Probability, Set Oriented Numerics, and Evolutionary Computation VI (82-93). DOI: 10.1007/978-3-319-69710-9_6. Online publication date: 11-Nov-2017
  • (2016) Malware Detection. Artificial Immune System Applications in Computer Security (26-45). DOI: 10.1002/9781119076582.ch2. Online publication date: Jul-2016
  • (2015) Feature Extraction Using Genetic Programming with Applications in Malware Detection. Proceedings of the 2015 17th International Symposium on Symbolic and Numeric Algorithms for Scientific Computing (SYNASC) (224-231). DOI: 10.1109/SYNASC.2015.43. Online publication date: 21-Sep-2015
  • (2013) Virus detection using clonal selection algorithm with Genetic Algorithm (VDC algorithm). Applied Soft Computing 13:1 (239-246). DOI: 10.1016/j.asoc.2012.08.034. Online publication date: 1-Jan-2013
  • (2012) A brief taxonomy of intrusion detection strategies. 2012 IEEE National Aerospace and Electronics Conference (NAECON) (255-263). DOI: 10.1109/NAECON.2012.6531064. Online publication date: Jul-2012
