An immune local concentration based virus detection approach

Journal of Zhejiang University SCIENCE C

Abstract

Along with the evolution of computer viruses, the number of file samples that need to be analyzed has constantly increased. An automatic and robust tool is needed to classify the file samples quickly and efficiently. Inspired by the human immune system, we developed a local concentration based virus detection method, which concatenates a certain number of two-element local concentration vectors into a feature vector. In contrast to existing data mining techniques, the new method does not remember exact file content for virus detection, but uses a non-signature paradigm, so that it can detect some previously unknown viruses and withstand techniques such as obfuscation that are used to bypass signatures. The model first extracts the viral tendency of each fragment and identifies a set of statical structural detectors, and then uses information-theoretic preprocessing to remove redundancy in the detector set and generate ‘self’ and ‘nonself’ detector libraries. Finally, ‘self’ and ‘nonself’ local concentrations are constructed using the libraries, to form a vector built from two-element arrays of local concentrations for detecting viruses efficiently. Several standard data mining classifiers, including K-nearest neighbor (KNN), radial basis function (RBF) neural networks, and support vector machine (SVM), are used to classify the local concentration vector as the feature of a benign or malicious program and to verify the effectiveness and robustness of this approach. Experimental results show that the proposed approach is not only much faster, but also achieves around 98% accuracy.
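The pipeline the abstract outlines can be sketched as follows; this is an added illustration, not code from the paper or its authors. The 4-byte fragment length, the three equal-sized windows, the 0.5 threshold, the document-frequency tendency measure, the 1-nearest-neighbour classifier and all sample bytes are assumptions made here, and the information-theoretic redundancy removal step is omitted.

```python
from collections import Counter

FRAG, WINDOWS, THRESHOLD = 4, 3, 0.5   # assumed parameters, not from the paper

# Constructed training samples standing in for benign and viral files.
BENIGN = [b"AAAABBBBCCCC", b"AAAACCCCDDDD"]
MALICIOUS = [b"XXXXYYYYAAAA", b"ZZZZXXXXYYYY"]

def fragments(data):
    """Overlapping FRAG-byte fragments of a byte string."""
    return [data[i:i + FRAG] for i in range(len(data) - FRAG + 1)]

def build_libraries(benign, malicious):
    """Assumed tendency: share of viral files containing a fragment minus
    the share of benign files containing it. Strongly positive fragments
    become 'nonself' detectors, strongly negative ones 'self' detectors."""
    mal = Counter(f for d in malicious for f in set(fragments(d)))
    ben = Counter(f for d in benign for f in set(fragments(d)))
    tend = {f: mal[f] / len(malicious) - ben[f] / len(benign)
            for f in set(mal) | set(ben)}
    self_lib = {f for f, t in tend.items() if t <= -THRESHOLD}
    nonself_lib = {f for f, t in tend.items() if t >= THRESHOLD}
    return self_lib, nonself_lib

def feature_vector(data, self_lib, nonself_lib):
    """Concatenate one (self, nonself) concentration pair per local window."""
    frags = fragments(data)
    size = max(1, -(-len(frags) // WINDOWS))     # ceiling division
    vec = []
    for w in range(WINDOWS):
        chunk = frags[w * size:(w + 1) * size]
        total = len(chunk) or 1                  # empty window -> 0.0
        vec.append(sum(f in self_lib for f in chunk) / total)
        vec.append(sum(f in nonself_lib for f in chunk) / total)
    return vec

def classify(data):
    """1-nearest-neighbour vote over the training files' feature vectors."""
    libs = build_libraries(BENIGN, MALICIOUS)
    train = [(feature_vector(d, *libs), "benign") for d in BENIGN]
    train += [(feature_vector(d, *libs), "malicious") for d in MALICIOUS]
    target = feature_vector(data, *libs)
    dist = lambda v: sum((a - b) ** 2 for a, b in zip(v, target))
    return min(train, key=lambda item: dist(item[0]))[1]

if __name__ == "__main__":
    libs = build_libraries(BENIGN, MALICIOUS)
    print(feature_vector(b"QQQQXXXXYYYY", *libs), classify(b"QQQQXXXXYYYY"))
```

The test input `b"QQQQXXXXYYYY"` matches no training file exactly, yet its nonself concentration rises across the later windows, which is the positional information a single whole-file concentration would lose.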



Author information

Corresponding author

Correspondence to Ying Tan.

Additional information

Project supported by the National Natural Science Foundation of China (Nos. 60673020 and 60875080) and the National High-Tech R & D Program of China (No. 2007AA01Z453)

Introducing editorial board member: Professor Xin-gui He is an editorial board member of Journal of Zhejiang University-SCIENCE C (Computers & Electronics). He is a PhD supervisor of computer science at Peking University. He was the dean of the School of Electronics Engineering and Computer Science from 2002 to 2006. Professor He received his bachelor's degree from Peking University in 1960 and later, as a graduate student, majored in approximation theory at the same university. He has been a member of the Chinese Academy of Engineering since 2001. His main research interests include fuzzy logic, artificial neural networks, evolutionary computation, and database theory.

About this article

Cite this article

Wang, W., Zhang, Pt., Tan, Y. et al. An immune local concentration based virus detection approach. J. Zhejiang Univ. - Sci. C 12, 443–454 (2011). https://doi.org/10.1631/jzus.C1000445

  • DOI: https://doi.org/10.1631/jzus.C1000445
