Artificial Immune System
Applications in Computer Security
Hardcover, English, 2016
By Ying Tan
1 609 kr
Product information
- Publication date: 2016-08-05
- Dimensions: 158 x 236 x 18 mm
- Weight: 431 g
- Format: Hardcover
- Language: English
- Number of pages: 208
- Publisher: John Wiley and Sons Ltd
- ISBN: 9781119076285
Ying Tan, PhD, is a professor at Peking University, China. Dr. Tan is also the director of CIL@PKU. He serves as the editor-in-chief of International Journal of Computational Intelligence and Pattern Recognition, as associate editor of IEEE Transactions on Cybernetics, IEEE Transactions on Neural Networks and Learning Systems, and International Journal of Swarm Intelligence Research, and as an editor of Springer’s Lecture Notes in Computer Science (LNCS). He is the founder and chair of the ICSI International Conference series. Dr. Tan is a senior member of the IEEE, ACM, and CIE. He has published over two hundred papers in refereed journals and conferences in areas such as computational intelligence, swarm intelligence, data mining, and pattern recognition for information security.
- Preface
- About Author
- Acknowledgements
- 1 Artificial Immune System
  - 1.1 Introduction
  - 1.2 Biological Immune System
    - 1.2.1 Overview
    - 1.2.2 Adaptive Immune Process
  - 1.3 Characteristics of BIS
  - 1.4 Artificial Immune System
  - 1.5 AIS Models and Algorithms
    - 1.5.1 Negative Selection Algorithm
    - 1.5.2 Clonal Selection Algorithm
    - 1.5.3 Immune Network Model
    - 1.5.4 Danger Theory
    - 1.5.5 Immune Concentration
    - 1.5.6 Other Methods
  - 1.6 Characteristics of AIS
  - 1.7 Applications of Artificial Immune System
    - 1.7.1 Virus Detection
    - 1.7.2 Spam Filtering
    - 1.7.3 Robots
    - 1.7.4 Control Engineering
    - 1.7.5 Fault Diagnosis
    - 1.7.6 Optimized Design
    - 1.7.7 Data Analysis
  - 1.8 Summary
- 2 Malware Detection
  - 2.1 Introduction
  - 2.2 Malware
    - 2.2.1 Definition and Features
    - 2.2.2 The Development Phases of Malware
  - 2.3 Classic Malware Detection Approaches
    - 2.3.1 Static Techniques
    - 2.3.2 Dynamic Techniques
    - 2.3.3 Heuristics
  - 2.4 Immune Based Malware Detection Approaches
    - 2.4.1 An Overview of Artificial Immune System
    - 2.4.2 An Overview of Artificial Immune System for Malware Detection
    - 2.4.3 An Immune Based Virus Detection System Using Affinity Vectors
    - 2.4.4 A Hierarchical Artificial Immune Model for Virus Detection
    - 2.4.5 A Malware Detection Model Based on a Negative Selection Algorithm with Penalty Factor
  - 2.5 Summary
- 3 Immune Principle and Neural Networks Based Malware Detection
  - 3.1 Introduction
  - 3.2 Immune System for Malicious Executable Detection
    - 3.2.1 Non-self Detection Principles
    - 3.2.2 Anomaly Detection Based on Thickness
    - 3.2.3 Relationship Between Diversity of Detector Representation and Anomaly Detection Hole
  - 3.3 Experimental Dataset
  - 3.4 Malware Detection Algorithm
    - 3.4.1 Definition of Data Structures
    - 3.4.2 Detection Principle and Algorithm
    - 3.4.3 Generation of Detector Set
    - 3.4.4 Extraction of Anomaly Characteristics
    - 3.4.5 Classifier
  - 3.5 Experiment
    - 3.5.1 Experimental Procedure
    - 3.5.2 Experimental Results
    - 3.5.3 Comparison With Matthew G. Schultz’s Method
  - 3.6 Summary
- 4 Multiple-Point Bit Mutation Method of Detector Generation
  - 4.1 Introduction
  - 4.2 Current Detector Generating Algorithms
  - 4.3 Growth Algorithms
  - 4.4 Multiple Point Bit Mutation Method
  - 4.5 Experiments
    - 4.5.1 Experiments on Random Dataset
    - 4.5.2 Change Detection of Static Files
  - 4.6 Summary
- 5 Malware Detection System Using Affinity Vectors
  - 5.1 Introduction
  - 5.2 Malware Detection Using Affinity Vectors
    - 5.2.1 Sliding Window
    - 5.2.2 Negative Selection
    - 5.2.3 Clonal Selection
    - 5.2.4 Distances
    - 5.2.5 Affinity Vector
    - 5.2.6 Training Classifiers with Affinity Vectors
  - 5.3 Evaluation of Affinity Vectors based malware detection System
    - 5.3.1 Dataset
    - 5.3.2 Length of Data Fragment
    - 5.3.3 Experimental Results
  - 5.4 Summary
- 6 Hierarchical Artificial Immune Model
  - 6.1 Introduction
  - 6.2 Architecture of HAIM
  - 6.3 Virus Gene Library Generating Module
    - 6.3.1 Virus ODN Library
    - 6.3.2 Candidate Virus Gene Library
    - 6.3.3 Detecting Virus Gene Library
  - 6.4 Self-Nonself Classification Module
    - 6.4.1 Matching Degree between Two Genes
    - 6.4.2 Suspicious Program Detection
  - 6.5 Simulation Results of Hierarchical Artificial Immune Model
    - 6.5.1 Data Set
    - 6.5.2 Description of Experiments
  - 6.6 Summary
- 7 Negative Selection Algorithm with Penalty Factor
  - 7.1 Introduction
  - 7.2 Framework of NSAPF
  - 7.3 Malware signature extraction module
    - 7.3.1 Malware Instruction Library (MIL)
    - 7.3.2 Malware Candidate Signature Library
    - 7.3.3 NSAPF and Malware Detection Signature Library
  - 7.4 Suspicious Program Detection Module
    - 7.4.1 Signature Matching
    - 7.4.2 Matching between Suspicious Programs and the MDSL
    - 7.4.3 Analysis of Penalty Factor
  - 7.5 Experiments and Analysis
    - 7.5.1 Experimental Datasets
    - 7.5.2 Experiments on Henchiri dataset
    - 7.5.3 Experiments on CILPKU08 Dataset
    - 7.5.4 Experiments on VX Heavens Dataset
    - 7.5.5 Parameter Analysis
  - 7.6 Summary
- 8 Danger Feature Based Negative Selection Algorithm
  - 8.1 Introduction
    - 8.1.1 Danger Feature
    - 8.1.2 Framework of Danger Feature Based Negative Selection Algorithm
  - 8.2 DFNSA for Malware Detection
    - 8.2.1 Danger Feature Extraction
    - 8.2.2 Danger Feature Vector
  - 8.3 Experiments
    - 8.3.1 Datasets
    - 8.3.2 Experimental Setup
    - 8.3.3 Selection of Parameters
    - 8.3.4 Experimental Results
  - 8.4 Discussions
    - 8.4.1 Comparison of Detecting Feature Libraries
    - 8.4.2 Comparison of Detection Time
  - 8.5 Summary
- 9 Immune Concentration Based Malware Detection Approaches
  - 9.1 Introduction
  - 9.2 Generation of Detector Libraries
  - 9.3 Construction of Feature Vector for Local Concentration
  - 9.4 Parameters Optimization based on Particle Swarm Optimization
  - 9.5 Construction of Feature Vector for Hybrid Concentration
    - 9.5.1 Hybrid Concentration
    - 9.5.2 Strategies for Definition of Local Areas
    - 9.5.3 HC-based Malware Detection Method
    - 9.5.4 Discussions
  - 9.6 Experiments
    - 9.6.1 Experiments of Local Concentration
    - 9.6.2 Experiments of Hybrid Concentration
  - 9.7 Summary
- 10 Immune Cooperation Mechanism Based Learning Framework
  - 10.1 Introduction
  - 10.2 Immune Signal Cooperation Mechanism based Learning Framework
  - 10.3 Malware Detection Model
  - 10.4 Experiments of Malware Detection Model
    - 10.4.1 Experimental setup
    - 10.4.2 Selection of Parameters
    - 10.4.3 Experimental Results
    - 10.4.4 Statistical Analysis
  - 10.5 Discussions
    - 10.5.1 Advantages
    - 10.5.2 Time Complexity
  - 10.6 Summary
- 11 Class-wise Information Gain
  - 11.1 Introduction
  - 11.2 Problem Statement
    - 11.2.1 Definition of the Generalized Class
    - 11.2.2 Malware Recognition Problem
  - 11.3 Class-wise Information Gain
    - 11.3.1 Definition
    - 11.3.2 Analysis
  - 11.4 CIG-based Malware Detection Method
    - 11.4.1 Feature Selection Module
    - 11.4.2 Classification Module
  - 11.5 Dataset
    - 11.5.1 Benign Program Dataset
    - 11.5.2 Malware Dataset
  - 11.6 Selection of Parameter
    - 11.6.1 Experimental Setup
    - 11.6.2 Experiments of Selection of Parameter
  - 11.7 Experimental Results
    - 11.7.1 Experiments on the VXHeavens Dataset
    - 11.7.2 Experiments on the Henchiri Dataset
    - 11.7.3 Experiments on the CILPKU08 Dataset
  - 11.8 Discussions
    - 11.8.1 The Relationship Among IG-A, DFCIG-B and DFCIG-M
    - 11.8.2 Space Complexity
  - 11.9 Summary
- Index