A Danger Feature Based Negative Selection Algorithm

  • Pengtao Zhang
  • Ying Tan
Part of the Lecture Notes in Computer Science book series (LNCS, volume 7331)


This paper proposes a danger feature based negative selection algorithm (DFNSA). The DFNSA divides the danger feature space into four parts, and reserves the information of danger features to the utmost extent, laying a good foundation for measuring the danger of a sample. In order to incorporate the DFNSA into the procedure of malware detection, a DFNSA-based malware detection (DFNSA-MD) model is proposed. It maps a sample into the whole danger feature space by using the DFNSA. The danger of a sample is measured precisely in this way and used to classify the sample. Eight groups of experiments on three public malware datasets are exploited to evaluate the effectiveness of the proposed DFNSA-MD model using cross validation. Comprehensive experimental results suggest that the DFNSA is able to reserve as much information of danger features as possible, and the DFNSA-MD model is effective to detect unseen malware. It outperforms the traditional negative selection algorithm based and the negative selection algorithm with penalty factor based malware detection models in all the experiments for about 5.34% and 0.67% on average, respectively.


danger feature negative selection algorithm feature extraction malware detection artificial immune system 


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    Forrest, S., Perelson, A.S., Allen, L., Rajesh, C.: Self-nonself discrimination in a computer. In: IEEE Computer Society Symposium on Research in Security and Privacy, Oakland, pp. 202–212 (1994)Google Scholar
  2. 2.
    Forrest, S., Hofmeyr, S.A., Somayaji, A., Longstaff, T.A.: A sense of self for Unix processes. In: IEEE Symposium on Security and Privacy, Oakland, pp. 120–128 (1996)Google Scholar
  3. 3.
    Somayaji, A., Hofmeyer, S., Forrest, S.: Principle of a computer immune system. In: New Security Paradigms Workshop, Cumbria, pp. 75–82 (1998)Google Scholar
  4. 4.
    Matzinger, P.: The danger model: a renewed sense of self. Science’s STKE 296(5566), 301–305 (2002)Google Scholar
  5. 5.
    Aickelin, U., Bentley, P., Cayzer, S., Kim, J., McLeod, J.: Danger Theory: The Link between AIS and IDS? In: Timmis, J., Bentley, P.J., Hart, E. (eds.) ICARIS 2003. LNCS, vol. 2787, pp. 147–155. Springer, Heidelberg (2003)CrossRefGoogle Scholar
  6. 6.
    Ji, Z., Dasgupta, D.: Real-Valued Negative Selection Algorithm with Variable-Sized Detectors. In: Deb, K., et al. (eds.) GECCO 2004, Part I. LNCS, vol. 3102, pp. 287–298. Springer, Heidelberg (2004)CrossRefGoogle Scholar
  7. 7.
    Li, Z., Liang, Y.W., Wu, Z.J., Tan, C.Y.: Immunity based virus detection with process call arguments and user feedback. In: Bio-Inspired Models of Network, Information and Computing Systems, Budapest, pp. 57–64 (2007)Google Scholar
  8. 8.
    Li, T.: Dynamic detection for computer virus based on immune system. Sci. China Inf. Sci. 39(4), 422–430 (2009) (in Chinese)Google Scholar
  9. 9.
    Wang, W., Zhang, P.T., Tan, Y., He, X.G.: A hierarchical artificial immune model for virus detection. In: International Conference on Computational Intelligence and Security, Beijing, pp. 1–5 (2009)Google Scholar
  10. 10.
    Wang, W., Zhang, P., Tan, Y.: An Immune Concentration Based Virus Detection Approach Using Particle Swarm Optimization. In: Tan, Y., Shi, Y., Tan, K.C. (eds.) ICSI 2010. LNCS, vol. 6145, pp. 347–354. Springer, Heidelberg (2010)CrossRefGoogle Scholar
  11. 11.
    Zhang, P.T., Wang, W., Tan, Y.: A malware detection model based on a negative selection algorithm with penalty factor. Sci. China Inf. Sci. 53(12), 2461–2471 (2010)CrossRefGoogle Scholar
  12. 12.

Copyright information

© Springer-Verlag Berlin Heidelberg 2012

Authors and Affiliations

  • Pengtao Zhang
    • 1
    • 2
  • Ying Tan
    • 1
    • 2
  1. 1.Key Laboratory of Machine Perception (MOE)Peking UniversityBeijingChina
  2. 2.Department of Machine Intelligence, School of Electronics Engineering and Computer SciencePeking UniversityBeijingChina

Personalised recommendations