• E-Book

    92,99 €

Artificial Immune System - Ying Tan - E-Book

Artificial Immune System E-Book

Ying Tan

0,0
92,99 €
oder
 
-100%
Sammeln Sie Punkte in unserem Gutscheinprogramm und kaufen Sie E-Books und Hörbücher mit bis zu 100% Rabatt.

Mehr erfahren.
Beschreibung

This book deals with malware detection in terms of Artificial Immune System (AIS), and presents a number of AIS models and immune-based feature extraction approaches as well as their applications in computer security * Covers all of the current achievements in computer security based on immune principles, which were obtained by the Computational Intelligence Laboratory of Peking University, China * Includes state-of-the-art information on designing and developing artificial immune systems (AIS) and AIS-based solutions to computer security issues * Presents new concepts such as immune danger theory, immune concentration, and class-wise information gain (CIG)

Sie lesen das E-Book in den Legimi-Apps auf:

Android
iOS
von Legimi
zertifizierten E-Readern

Seitenzahl: 321

Veröffentlichungsjahr: 2016

Bewertungen
0,0
0
0
0
0
0
Mehr Informationen
Mehr Informationen
Bewertungen werden von Nutzern von Legimi sowie anderen Partner-Webseiten vergeben.
Mehr Informationen
Mehr Informationen
Legimi prüft nicht, ob Rezensionen von Nutzern stammen, die den betreffenden Titel tatsächlich gekauft oder gelesen/gehört haben. Wir entfernen aber gefälschte Rezensionen.

CONTENTS

Cover

IEEE Press Editorial Board

Title Page

Copyright

Dedication

List of Figures

List of Tables

Preface

Acknowledgments

About the Author

Chapter 1: Artificial Immune System

1.1 Introduction

1.2 Biological Immune System

1.3 Characteristics of a Biological Immune System

1.4 Artificial Immune System

1.5 Artificial Immune System Models and Algorithms

1.6 Characteristics of the Artificial Immune System

1.7 Applications of Artificial Immune System

1.8 Summary

References

Chapter 2: Malware Detection

2.1 Introduction

2.2 Malware

2.3 Classic Malware Detection Approaches

2.4 Immune-Based Malware Detection Approaches

2.5 Summary

References

Chapter 3: Immune Principle and Neural Networks-Based Malware Detection

3.1 Introduction

3.2 Immune System for Malicious Executable Detection

3.3 Experimental Dataset

3.4 Malware Detection Algorithm

3.5 Experiment

3.6 Summary

References

Chapter 4: Multiple-Point Bit Mutation Method of Detector Generation

4.1 Introduction

4.2 Current Detector Generating Algorithms

4.3 Growth Algorithms

4.4 Multiple-Point Bit Mutation Method

4.5 Experiments

4.6 Summary

References

Chapter 5: Malware Detection System Using Affinity Vectors

5.1 Introduction

5.2 Malware Detection Using Affinity Vectors

5.3 Evaluation of Affinity Vectors-Based Malware Detection System

5.4 Summary

References

Chapter 6: Hierarchical Artificial Immune Model

6.1 Introduction

6.2 Architecture of HAIM

6.3 Virus Gene Library Generating Module

6.4 Self-Nonself Classification Module

6.5 Simulation Results of Hierarchical Artificial Immune Model

6.6 Summary

References

Chapter 7: Negative Selection Algorithm with Penalty Factor

7.1 Introduction

7.2 Framework of NSAPF

7.3 Malware Signature Extraction Module

7.4 Suspicious Program Detection Module

7.5 Experiments and Analysis

7.6 Summary

References

Chapter 8: Danger Feature-Based Negative Selection Algorithm

8.1 Introduction

8.2 DFNSA for Malware Detection

8.3 Experiments

8.4 Discussions

8.5 Summary

References

Chapter 9: Immune Concentration-Based Malware Detection Approaches

9.1 Introduction

9.2 Generation of Detector Libraries

9.3 Construction of Feature Vector for Local Concentration

9.4 Parameters Optimization Based on Particle Swarm Optimization

9.5 Construction of Feature Vector for Hybrid Concentration

9.6 Experiments

9.7 Summary

References

Chapter 10: Immune Cooperation Mechanism-Based Learning Framework

10.1 Introduction

10.2 Immune Signal Cooperation Mechanism-Based Learning Framework

10.3 Malware Detection Model

10.4 Experiments Using the Malware Detection Model

10.5 Discussion

10.6 Summary

References

Chapter 11: Class-Wise Information Gain

11.1 Introduction

11.2 Problem Statement

11.3 Class-Wise Information Gain

11.4 CIG-Based Malware Detection Method

11.5 Dataset

11.6 Selection of Parameters

11.7 Experimental Results

11.8 Discussion

11.9 Summary

References

Index

End User License Agreement

List of Tables

Table 2.1

Table 2.2

Table 2.3

Table 3.2

Table 3.1

Table 3.3

Table 4.1

Table 4.2

Table 4.3

Table 5.1

Table 5.2

Table 6.1

Table 6.2

Table 6.3

Table 6.4

Table 6.5

Table 7.1

Table 7.2

Table 7.3

Table 7.4

Table 7.5

Table 7.6

Table 7.7

Table 7.8

Table 7.9

Table 7.10

Table 8.1

Table 8.2

Table 8.3

Table 9.1

Table 9.2

Table 9.3

Table 9.4

Table 9.5

Table 9.6

Table 9.7

Table 9.8

Table 9.9

Table 9.10

Table 9.11

Table 10.1

Table 10.2

Table 10.3

Table 10.4

Table 10.5

Table 10.6

Table 11.1

Table 11.2

Table 11.3

Table 11.4

Table 11.5

Table 11.6

Table 11.7

Table 11.8

Table 11.9

List of Illustrations

Figure 1.1

Figure 1.2

Figure 1.3

Figure 1.4

Figure 1.5

Figure 2.1

Figure 2.2

Figure 2.3

Figure 2.4

Figure 2.5

Figure 2.6

Figure 2.7

Figure 2.8

Figure 2.9

Figure 2.10

Figure 3.1

Figure 3.2

Figure 3.3

Figure 3.4

Figure 3.5

Figure 3.6

Figure 4.1

Figure 4.2

Figure 4.3

Figure 4.4

Figure 4.5

Figure 5.1

Figure 5.2

Figure 5.3

Figure 5.4

Figure 5.5

Figure 6.1

Figure 6.2

Figure 6.3

Figure 6.4

Figure 6.5

Figure 7.1

Figure 7.2

Figure 7.3

Figure 7.4

Figure 7.5

Figure 7.6

Figure 7.7

Figure 7.8

Figure 7.9

Figure 8.1

Figure 8.2

Figure 9.1

Figure 9.2

Figure 9.3

Figure 9.4

Figure 9.5

Figure 9.6

Figure 9.7

Figure 9.8

Figure 9.9

Figure 9.10

Figure 9.11

Figure 9.12

Figure 9.13

Figure 9.14

Figure 9.15

Figure 10.1

Figure 10.2

Figure 10.3

Figure 11.1

Figure 11.2

Figure 11.3

Figure 11.4

Figure 11.5

Figure 11.6

Figure 11.7

Figure 11.8

Figure 11.9

Figure 11.10

Figure 11.11

Figure 11.12

Guide

Cover

Table of Contents

Begin Reading

Chapter 1

Pages

ii

iii

iv

v

vi

xiii

xiv

xv

xvi

xvii

xviii

xix

xx

xxi

xxii

xxiii

xxiv

xxv

xxvi

xxvii

1

2

3

4

5

6

7

8

9

10

11

12

13

14

15

16

17

18

19

20

21

22

23

24

25

26

27

28

29

30

31

32

33

34

35

36

37

38

39

40

41

42

43

44

45

46

47

48

49

50

51

52

53

54

55

56

57

58

59

60

61

62

63

64

65

66

67

68

69

70

71

72

73

74

75

76

77

78

79

80

81

82

83

84

85

86

87

88

89

90

91

92

93

94

95

96

97

98

99

100

101

102

103

104

105

106

107

108

109

110

111

112

113

114

115

116

117

118

119

120

121

122

123

124

125

126

127

128

129

130

131

132

133

134

135

136

137

138

139

140

141

142

143

144

145

146

147

148

149

150

151

152

153

154

155

156

157

158

159

160

161

162

163

164

165

166

167

168

169

170

171

172

173

174

IEEE Press Editorial Board

Tariq Samad,

Editor in Chief

George W. Arnold

Pui-In Mak

Giancarlo Fortino

Jeffrey Nanzer

Dmitry Goldgof

Ray Perez

Ekram Hossain

Linda Shafer

Xiaoou Li

Zidong Wang

Vladimir Lumelsky

MengChu Zhou

Kenneth Moore, Director of IEEE Book and Information Services (BIS)

Technical Reviewers

Guoyin Wang, College of Computer Science and Technology

Chongqing University of Posts and Telecommunications

Yan Pei, University of Aizu, Japan

Suichen Gu, Google, Inc.

About IEEE Computer Society

IEEE Computer Society is the world's leading computing membership organization and the trusted information and career-development source for a global workforce of technology leaders including: professors, researchers, software engineers, IT professionals, employers, and students. The unmatched source for technology information, inspiration, and collaboration, the IEEE Computer Society is the source that computing professionals trust to provide high-quality, state-of-the-art information on an on-demand basis. The Computer Society provides a wide range of forums for top minds to come together, including technical conferences, publications, and a comprehensive digital library, unique training webinars, professional training, and the TechLeader Training Partner Program to help organizations increase their staff's technical knowledge and expertise, as well as the personalized information tool myComputer. To find out more about the community for technology leaders, visit http://www.computer.org.

IEEE/Wiley Partnership

The IEEE Computer Society and Wiley partnership allows the CS Press authored book program to produce a number of exciting new titles in areas of computer science, computing, and networking with a special focus on software engineering. IEEE Computer Society members continue to receive a 15% discount on these titles when purchased through Wiley or at wiley.com/ieeecs.

To submit questions about the program or send proposals, please contact Mary Hatcher, Editor, Wiley-IEEE Press: Email: [email protected], Telephone: 201-748-6903, John Wiley & Sons, Inc., 111 River Street, MS 8-01, Hoboken, NJ 07030-5774.

Artificial Immune System

Applications in Computer Security

Ying Tan

Copyright © 2016 by the IEEE Computer Society, Inc. All rights reserved.

Published by John Wiley & Sons, Inc., Hoboken, New Jersey.

Published simultaneously in Canada.

No part of this publication may be reproduced, stored in a retrieval system, or transmitted in any form or by any means, electronic, mechanical, photocopying, recording, scanning, or otherwise, except as permitted under Section 107 or 108 of the 1976 United States Copyright Act, without either the prior written permission of the Publisher, or authorization through payment of the appropriate per-copy fee to the Copyright Clearance Center, Inc., 222 Rosewood Drive, Danvers, MA 01923, (978) 750-8400, fax (978) 750-4470, or on the web at www.copyright.com. Requests to the Publisher for permission should be addressed to the Permissions Department, John Wiley & Sons, Inc., 111 River Street, Hoboken, NJ 07030, (201) 748-6011, fax (201) 748-6008, or online at http://www.wiley.com/go/permission.

Limit of Liability/Disclaimer of Warranty: While the publisher and author have used their best efforts in preparing this book, they make no representations or warranties with respect to the accuracy or completeness of the contents of this book and specifically disclaim any implied warranties of merchantability or fitness for a particular purpose. No warranty may be created or extended by sales representatives or written sales materials. The advice and strategies contained herein may not be suitable for your situation. You should consult with a professional where appropriate. Neither the publisher nor author shall be liable for any loss of profit or any other commercial damages, including but not limited to special, incidental, consequential, or other damages.

For general information on our other products and services or for technical support, please contact our Customer Care Department within the United States at (800) 762-2974, outside the United States at (317) 572-3993 or fax (317) 572-4002.

Wiley also publishes its books in a variety of electronic formats. Some content that appears in print may not be available in electronic formats. For more information about Wiley products, visit our web site at www.wiley.com.

Library of Congress Cataloging-in-Publication Data is available.

ISBN: 978-1-119-07628-5

Dedication

This book is dedicated to my wife, Chao Dengand my daughter, Fei Tan

List of Tables

2.1

The Relationship of BIS and CAMS

2.2

The Test Data Sets in The Experiments

2.3

Experimental Results Obtained by HAIM

3.1

Comparisons of Experimental Data Sets

3.2

Generation of Detectors

3.3

Comparison of Computational Complexities of Two Algorithms

4.1

Computational Complexity Comparisons for 16-Bit Dataset

4.2

Computational Complexity Comparisons for 24-Bit Dataset

4.3

Results of Anomaly Numbers for File Comparison (First Sub-Column of Last Column), and Anomaly Detection (Second Sub-Column of Last Column)

5.1

The Number of Files in Each Dataset in Our Experiment

5.2

The Average Detection Rate of SVM when

L

= 32 and

L

= 64. The Files are Randomly Selected from the Dataset.

6.1

R-Continuous Matching

6.2

Similarity Value with Matching Length

6.3

Experimental Results of Class 1

6.4

Experimental Results of Class 2

6.5

Experimental Results of Class 3

7.1

Henchiri Dataset

7.2

CILPKU08 Dataset

7.3

Benign Programs in VX Heavens Dataset

7.4

Malware in VX Heavens Dataset

7.5

Experimental Results on the Training Set

7.6

Experimental Results on the Test Set

7.7

Experimental Results of Henchiri

7.8

Experimental Results on the Test Set

7.9

Experimental Results on the VX Heavens Dataset

7.10

Experimental Results Obtained by Tabish

8.1

Experimental Platform

8.2

Experimental Results

8.3

The Composition of the DFLs of the Three Models

9.1

The Classification Table of the GCMD, LCMD, and HCMD Methods

9.2

The Test Platform

9.3

Average Detection Rate by SVM when

L

= 64

9.4

Average Detection Rate by SVM when L = 32

9.5

Average Detection Rates on the Detecting Set with Empirical and Optimized Classification Designs Under Optimum Conditions by SVM

9.6

Average Detection Rates on the Detecting Set with Empirical and Optimized Classification Designs Under Optimum Conditions by KNN

9.7

Experimental Platform

9.8

Experimental Results of the HCMD Method

9.9

Experimental Results of the GCMD Method

9.10

Experimental Results of the LCMD Method

9.11

Comparisons of the Detecting Time (in Second)

10.1

The mapping between the BIS and the ICL framework

10.2

The experimental platform

10.3

The AUCs of the

M

1

,

M

2

,

M

1∪2

, and the ICL-MD model

10.4

The AUCs of the GC-MD approach and LC-MD approach

10.5

The ANOVA/P-value table

10.6

The average detecting time for a sample (seconds)

11.1

Benign Program Dataset

11.2

VXHeavens Dataset

11.3

Henchiri Dataset

11.4

CILPKU08 Dataset

11.5

Experimental Results of the Method Using IG-A

11.6

Experimental Results of the Method Using DFCIG-B

11.7

Experimental Results of the Method Using DFCIG-M

11.8

The Relationship Among IG-A, DFCIG-B, and DFCIG-M

11.9

The Proportion of 4-Gram in the Experiments

Preface

The most terrible threats to the security of computers and networking systems are the so-called computer virus and unknown intrusion. The rapid development of evasion techniques used in viruses invalidate the well-known signature-based computer virus detection techniques, so a number of novel virus detection approaches have been proposed to cope with this vital security issue. Because the natural similarities between the biological immune system (BIS) and computer security system, the artificial immune system (AIS) has been developed as a new field in the community of anti-virus researches. The various principles and mechanisms in BIS provide unique opportunities to build novel computer virus detection models with abilities of robustness and adaptiveness in detecting the known and unknown viruses.

Lesen Sie weiter in der vollständigen Ausgabe!

Lesen Sie weiter in der vollständigen Ausgabe!

Lesen Sie weiter in der vollständigen Ausgabe!

Lesen Sie weiter in der vollständigen Ausgabe!

Lesen Sie weiter in der vollständigen Ausgabe!

Lesen Sie weiter in der vollständigen Ausgabe!

Lesen Sie weiter in der vollständigen Ausgabe!

Lesen Sie weiter in der vollständigen Ausgabe!

Lesen Sie weiter in der vollständigen Ausgabe!

Lesen Sie weiter in der vollständigen Ausgabe!

Lesen Sie weiter in der vollständigen Ausgabe!

Lesen Sie weiter in der vollständigen Ausgabe!

Lesen Sie weiter in der vollständigen Ausgabe!

Lesen Sie weiter in der vollständigen Ausgabe!

Lesen Sie weiter in der vollständigen Ausgabe!