Abstract
This paper proposes a danger feature based negative selection algorithm (DFNSA). The DFNSA divides the danger feature space into four parts, and reserves the information of danger features to the utmost extent, laying a good foundation for measuring the danger of a sample. In order to incorporate the DFNSA into the procedure of malware detection, a DFNSA-based malware detection (DFNSA-MD) model is proposed. It maps a sample into the whole danger feature space by using the DFNSA. The danger of a sample is measured precisely in this way and used to classify the sample. Eight groups of experiments on three public malware datasets are exploited to evaluate the effectiveness of the proposed DFNSA-MD model using cross validation. Comprehensive experimental results suggest that the DFNSA is able to reserve as much information of danger features as possible, and the DFNSA-MD model is effective to detect unseen malware. It outperforms the traditional negative selection algorithm based and the negative selection algorithm with penalty factor based malware detection models in all the experiments for about 5.34% and 0.67% on average, respectively.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Preview
Unable to display preview. Download preview PDF.
References
Forrest, S., Perelson, A.S., Allen, L., Rajesh, C.: Self-nonself discrimination in a computer. In: IEEE Computer Society Symposium on Research in Security and Privacy, Oakland, pp. 202–212 (1994)
Forrest, S., Hofmeyr, S.A., Somayaji, A., Longstaff, T.A.: A sense of self for Unix processes. In: IEEE Symposium on Security and Privacy, Oakland, pp. 120–128 (1996)
Somayaji, A., Hofmeyer, S., Forrest, S.: Principle of a computer immune system. In: New Security Paradigms Workshop, Cumbria, pp. 75–82 (1998)
Matzinger, P.: The danger model: a renewed sense of self. Science’s STKE 296(5566), 301–305 (2002)
Aickelin, U., Bentley, P., Cayzer, S., Kim, J., McLeod, J.: Danger Theory: The Link between AIS and IDS? In: Timmis, J., Bentley, P.J., Hart, E. (eds.) ICARIS 2003. LNCS, vol. 2787, pp. 147–155. Springer, Heidelberg (2003)
Ji, Z., Dasgupta, D.: Real-Valued Negative Selection Algorithm with Variable-Sized Detectors. In: Deb, K., et al. (eds.) GECCO 2004, Part I. LNCS, vol. 3102, pp. 287–298. Springer, Heidelberg (2004)
Li, Z., Liang, Y.W., Wu, Z.J., Tan, C.Y.: Immunity based virus detection with process call arguments and user feedback. In: Bio-Inspired Models of Network, Information and Computing Systems, Budapest, pp. 57–64 (2007)
Li, T.: Dynamic detection for computer virus based on immune system. Sci. China Inf. Sci. 39(4), 422–430 (2009) (in Chinese)
Wang, W., Zhang, P.T., Tan, Y., He, X.G.: A hierarchical artificial immune model for virus detection. In: International Conference on Computational Intelligence and Security, Beijing, pp. 1–5 (2009)
Wang, W., Zhang, P., Tan, Y.: An Immune Concentration Based Virus Detection Approach Using Particle Swarm Optimization. In: Tan, Y., Shi, Y., Tan, K.C. (eds.) ICSI 2010. LNCS, vol. 6145, pp. 347–354. Springer, Heidelberg (2010)
Zhang, P.T., Wang, W., Tan, Y.: A malware detection model based on a negative selection algorithm with penalty factor. Sci. China Inf. Sci. 53(12), 2461–2471 (2010)
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2012 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Zhang, P., Tan, Y. (2012). A Danger Feature Based Negative Selection Algorithm. In: Tan, Y., Shi, Y., Ji, Z. (eds) Advances in Swarm Intelligence. ICSI 2012. Lecture Notes in Computer Science, vol 7331. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-30976-2_35
Download citation
DOI: https://doi.org/10.1007/978-3-642-30976-2_35
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-30975-5
Online ISBN: 978-3-642-30976-2
eBook Packages: Computer ScienceComputer Science (R0)