A malware detection system inspired on the human immune system

Malicious programs (malware) can cause severe damage on computer systems and data. The mechanism that the human immune system uses to detect and protect from organisms that threaten the human body is efficient and can be adapted to detect malware attacks. In this paper we propose a system to perform malware distributed collection, analysis and detection, this last inspired by the human immune system. After collecting malware samples from Internet, they are dynamically analyzed so as to provide execution traces at the operating system level and network flows that are used to create a behavioral model and to generate a detection signature. Those signatures serve as input to a malware detector, acting as the antibodies in the antigen detection process. This allows us to understand the malware attack and aids in the infection removal procedures. © 2012 Springer-Verlag.

Keywords

data mining, human immune system, malicious code, Antigen detections, Behavioral model, Execution trace, Human bodies, Human immune systems, Malicious codes, Malware attacks, Malware detection, Malwares, Network flows, Chemical detection, Computer aided network analysis, Computer crime, Data mining, Detectors, Network security, Immunology

Language

English

Citation

Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), v. 7336 LNCS, n. PART 4, p. 286-301, 2012.