Details

Artificial Immune System


Applications in Computer Security
1st ed.

by: Ying Tan

92,99 €

Publisher: Wiley
Format: EPUB
Published: 30.06.2016
ISBN/EAN: 9781119076520
Language: English
Number of pages: 208

DRM-protected eBook; to read it you need, for example, Adobe Digital Editions and an Adobe ID.

Descriptions

This book deals with malware detection in terms of Artificial Immune System (AIS), and presents a number of AIS models and immune-based feature extraction approaches as well as their applications in computer security.

- Covers all of the current achievements in computer security based on immune principles, which were obtained by the Computational Intelligence Laboratory of Peking University, China
- Includes state-of-the-art information on designing and developing artificial immune systems (AIS) and AIS-based solutions to computer security issues
- Presents new concepts such as immune danger theory, immune concentration, and class-wise information gain (CIG)

Preface
About Author
Acknowledgements

1 Artificial Immune System
1.1 Introduction
1.2 Biological Immune System
1.2.1 Overview
1.2.2 Adaptive Immune Process
1.3 Characteristics of BIS
1.4 Artificial Immune System
1.5 AIS Models and Algorithms
1.5.1 Negative Selection Algorithm
1.5.2 Clonal Selection Algorithm
1.5.3 Immune Network Model
1.5.4 Danger Theory
1.5.5 Immune Concentration
1.5.6 Other Methods
1.6 Characteristics of AIS
1.7 Applications of Artificial Immune System
1.7.1 Virus Detection
1.7.2 Spam Filtering
1.7.3 Robots
1.7.4 Control Engineering
1.7.5 Fault Diagnosis
1.7.6 Optimized Design
1.7.7 Data Analysis
1.8 Summary

2 Malware Detection
2.1 Introduction
2.2 Malware
2.2.1 Definition and Features
2.2.2 The Development Phases of Malware
2.3 Classic Malware Detection Approaches
2.3.1 Static Techniques
2.3.2 Dynamic Techniques
2.3.3 Heuristics
2.4 Immune Based Malware Detection Approaches
2.4.1 An Overview of Artificial Immune System
2.4.2 An Overview of Artificial Immune System for Malware Detection
2.4.3 An Immune Based Virus Detection System Using Affinity Vectors
2.4.4 A Hierarchical Artificial Immune Model for Virus Detection
2.4.5 A Malware Detection Model Based on a Negative Selection Algorithm with Penalty Factor
2.5 Summary

3 Immune Principle and Neural Networks Based Malware Detection
3.1 Introduction
3.2 Immune System for Malicious Executable Detection
3.2.1 Non-self Detection Principles
3.2.2 Anomaly Detection Based on Thickness
3.2.3 Relationship Between Diversity of Detector Representation and Anomaly Detection Hole
3.3 Experimental Dataset
3.4 Malware Detection Algorithm
3.4.1 Definition of Data Structures
3.4.2 Detection Principle and Algorithm
3.4.3 Generation of Detector Set
3.4.4 Extraction of Anomaly Characteristics
3.4.5 Classifier
3.5 Experiment
3.5.1 Experimental Procedure
3.5.2 Experimental Results
3.5.3 Comparison With Matthew G. Schultz’s Method
3.6 Summary

4 Multiple-Point Bit Mutation Method of Detector Generation
4.1 Introduction
4.2 Current Detector Generating Algorithms
4.3 Growth Algorithms
4.4 Multiple Point Bit Mutation Method
4.5 Experiments
4.5.1 Experiments on Random Dataset
4.5.2 Change Detection of Static Files
4.6 Summary

5 Malware Detection System Using Affinity Vectors
5.1 Introduction
5.2 Malware Detection Using Affinity Vectors
5.2.1 Sliding Window
5.2.2 Negative Selection
5.2.3 Clonal Selection
5.2.4 Distances
5.2.5 Affinity Vector
5.2.6 Training Classifiers with Affinity Vectors
5.3 Evaluation of Affinity Vectors based malware detection System
5.3.1 Dataset
5.3.2 Length of Data Fragment
5.3.3 Experimental Results
5.4 Summary

6 Hierarchical Artificial Immune Model
6.1 Introduction
6.2 Architecture of HAIM
6.3 Virus Gene Library Generating Module
6.3.1 Virus ODN Library
6.3.2 Candidate Virus Gene Library
6.3.3 Detecting Virus Gene Library
6.4 Self-Nonself Classification Module
6.4.1 Matching Degree between Two Genes
6.4.2 Suspicious Program Detection
6.5 Simulation Results of Hierarchical Artificial Immune Model
6.5.1 Data Set
6.5.2 Description of Experiments
6.6 Summary

7 Negative Selection Algorithm with Penalty Factor
7.1 Introduction
7.2 Framework of NSAPF
7.3 Malware signature extraction module
7.3.1 Malware Instruction Library (MIL)
7.3.2 Malware Candidate Signature Library
7.3.3 NSAPF and Malware Detection Signature Library
7.4 Suspicious Program Detection Module
7.4.1 Signature Matching
7.4.2 Matching between Suspicious Programs and the MDSL
7.4.3 Analysis of Penalty Factor
7.5 Experiments and Analysis
7.5.1 Experimental Datasets
7.5.2 Experiments on Henchiri dataset
7.5.3 Experiments on CILPKU08 Dataset
7.5.4 Experiments on VX Heavens Dataset
7.5.5 Parameter Analysis
7.6 Summary

8 Danger Feature Based Negative Selection Algorithm
8.1 Introduction
8.1.1 Danger Feature
8.1.2 Framework of Danger Feature Based Negative Selection Algorithm
8.2 DFNSA for Malware Detection
8.2.1 Danger Feature Extraction
8.2.2 Danger Feature Vector
8.3 Experiments
8.3.1 Datasets
8.3.2 Experimental Setup
8.3.3 Selection of Parameters
8.3.4 Experimental Results
8.4 Discussions
8.4.1 Comparison of Detecting Feature Libraries
8.4.2 Comparison of Detection Time
8.5 Summary

9 Immune Concentration Based Malware Detection Approaches
9.1 Introduction
9.2 Generation of Detector Libraries
9.3 Construction of Feature Vector for Local Concentration
9.4 Parameters Optimization based on Particle Swarm Optimization
9.5 Construction of Feature Vector for Hybrid Concentration
9.5.1 Hybrid Concentration
9.5.2 Strategies for Definition of Local Areas
9.5.3 HC-based Malware Detection Method
9.5.4 Discussions
9.6 Experiments
9.6.1 Experiments of Local Concentration
9.6.2 Experiments of Hybrid Concentration
9.7 Summary

10 Immune Cooperation Mechanism Based Learning Framework
10.1 Introduction
10.2 Immune Signal Cooperation Mechanism based Learning Framework
10.3 Malware Detection Model
10.4 Experiments of Malware Detection Model
10.4.1 Experimental setup
10.4.2 Selection of Parameters
10.4.3 Experimental Results
10.4.4 Statistical Analysis
10.5 Discussions
10.5.1 Advantages
10.5.2 Time Complexity
10.6 Summary

11 Class-wise Information Gain
11.1 Introduction
11.2 Problem Statement
11.2.1 Definition of the Generalized Class
11.2.2 Malware Recognition Problem
11.3 Class-wise Information Gain
11.3.1 Definition
11.3.2 Analysis
11.4 CIG-based Malware Detection Method
11.4.1 Feature Selection Module
11.4.2 Classification Module
11.5 Dataset
11.5.1 Benign Program Dataset
11.5.2 Malware Dataset
11.6 Selection of Parameter
11.6.1 Experimental Setup
11.6.2 Experiments of Selection of Parameter
11.7 Experimental Results
11.7.1 Experiments on the VXHeavens Dataset
11.7.2 Experiments on the Henchiri Dataset
11.7.3 Experiments on the CILPKU08 Dataset
11.8 Discussions
11.8.1 The Relationship Among IG-A, DFCIG-B and DFCIG-M
11.8.2 Space Complexity
11.9 Summary

Index

Ying Tan, PhD, is a professor at Peking University, China. Dr. Tan is also the director of CIL@PKU. He serves as the editor-in-chief of International Journal of Computational Intelligence and Pattern Recognition, associate editor of IEEE Transactions on Cybernetics, IEEE Transactions on Neural Networks and Learning Systems, and International Journal of Swarm Intelligence Research, and also as an editor of Springer’s Lecture Notes on Computer Science (LNCS). He is the founder and chair of the ICSI International Conference series. Dr. Tan is a senior member of the IEEE, ACM, and CIE. He has published over two hundred papers in refereed journals and conferences in areas such as computational intelligence, swarm intelligence, data mining, and pattern recognition for information security.

This book provides state-of-the-art information on the use, design, and development of the Artificial Immune System (AIS) and AIS-based solutions to computer security issues.

Artificial Immune System: Applications in Computer Security focuses on the technologies and applications of AIS in malware detection proposed in recent years by the Computational Intelligence Laboratory of Peking University (CIL@PKU). It offers a theoretical perspective as well as practical solutions for readers interested in AIS, machine learning, pattern recognition and computer security.

The book begins by introducing the basic concepts, typical algorithms, important features, and some applications of AIS. The second chapter introduces malware and its detection methods, especially immune-based malware detection approaches. Successive chapters present a variety of advanced detection approaches for malware, including Virus Detection System, K-Nearest Neighbour (KNN), RBF networks, and Support Vector Machines (SVM), Danger theory, Negative Selection Algorithms (NSA), Immune concentration, and the immune cooperative mechanism based learning (ICL) framework. The book concludes by presenting a new statistic named Class-Wise Information Gain (CIG), which can select features with the highest information content for a specific class in a problem, as well as efficiently detect malware loaders and infected executables in the wild.

Important features of this book:

- Presents established and developed immune models for malware detection
- Includes state-of-the-art malware detection techniques
- Covers all of the current achievements in computer security based on immune principles, which were obtained by CIL@PKU, China

This book is designed for a professional audience who wish to learn about state-of-the-art AIS and AIS-based malware detection approaches.
