Research Article
Immunity based Virus Detection with Process Call Arguments and User Feedback
@INPROCEEDINGS{10.4108/ICST.BIONETICS2007.2447, author={Zhou Li and Yiwen Liang and Zejun Wu and Chengyu Tan}, title={Immunity based Virus Detection with Process Call Arguments and User Feedback}, proceedings={2nd International ICST Conference on Bio-Inspired Models of Network, Information, and Computing Systems}, proceedings_a={BIONETICS}, year={2008}, month={8}, keywords={Biologically-inspired networking evolutionary and adaptive sensor networks self-organizing sensor networks}, doi={10.4108/ICST.BIONETICS2007.2447} }- Zhou Li
Yiwen Liang
Zejun Wu
Chengyu Tan
Year: 2008
Immunity based Virus Detection with Process Call Arguments and User Feedback
BIONETICS
ICST
DOI: 10.4108/ICST.BIONETICS2007.2447
Abstract
Detecting unknown virus is a challenging task. Most of the current virus detection approaches, such as anti-virus tools, require precognition of virus signatures for detection, but they are hard to detect unknown virus. In this paper, we present a new immunity based virus detection approach. This approach collects arguments of process calls instead of the sequence of process, which obtain more information of process, and then utilizes them to train detectors with Real-valued Negative Selection (RVNS) algorithm. In the stage of testing, user feedback is analyzed to adjust the threshold between normal files and viruses. We took two experiments to evaluate the performance of the approach, and the detection rate achieved is 0.7, which proved this approach could cope with unknown virus.