
AIS ON COMPUTER SECURITY

Date post: 14-Apr-2018
Upload: sweta-leena-panda
  • 7/29/2019 AIS ON COMPUTER SECURITY


    Artificial Immune System for Computer Security

    Sweta leena panda (Student, 7th semester)


    The threats and intrusions in IT systems can basically be compared to human diseases, with the difference that the human body has an effective way to deal with them, which still needs to be designed for IT systems. The human immune system (HIS) can detect and defend against yet unseen intruders, and is distributed, adaptive and multilayered, to name only a few of its features. Our immune system incorporates a powerful and diverse set of characteristics which are very interesting to use in AIS. In AIS I am working on computer security, as I think security should be our first priority.

    WHAT IS AIS

    Artificial Immune Systems (AIS) is a branch of biologically inspired computation focusing on many

    aspects of immune systems. AIS development can be seen as having two target domains: the

    provision of solutions to engineering problems through the adoption of immune system inspired

    concepts; and the provision of models and simulations with which to study immune system

    theories.

    KEY WORDS

    AIS, immune system, artificial immune system, virus, negative selection model, Hierarchical

    Artificial Immune Model

    How AIS relates to the biological immune system

    In medical science, historically, the term immunity refers to the condition in which an organism can

    resist disease, more specifically infectious disease. However, a broader definition of immunity is a reaction to foreign (or dangerous) substances.

    Immunology concerns the study of the immune system and the effects of its operation on the body. The immune system is normally defined in relation to its perceived function: a defence system that

    has evolved to protect its host from pathogens (harmful micro-organisms such as bacteria, viruses

    and parasites) [Goldsby et al. 2003]. It comprises a variety of specialised cells that circulate and

    monitor the body, various extra-cellular molecules, and immune organs that provide an

    environment for immune cells to interact, mature and respond. The collective action of immune

    cells and molecules forms a complex network leading to the detection and recognition of pathogens

    within the body. This is followed by a specific effector response aimed at

    eliminating the pathogen. This recognition and response process is vastly complicated with many of

    the details not yet properly understood.

    Human Immune System Components

    Bio and Artificial Immune mapping

    Biological Immune System | Artificial Immune System
    Human Body | Computer network
    Organisms/Organs | Nodes/Files
    Antibodies | Mobile Agents
    Antigens | Software Virus
    Immunity, Suppression | Immunity, Tolerance
    Neural Controller | Server
    Immune memory | Look up Table
    Training patterns | Virus Signatures
    Receptors | Detectors
    Bio Connectivity | Wireless/Wired Link
    Organ address | IP Address
    Time of Attack | Time of Virus Detection
    Cloning | Agent Replication
    Recovery Time | Agent Life Time
    Natural Immunity | Built-in Security
    Acquired Immunity | Agent based Security
    Natural Death | Dead PC

    Fig shows -The Process By Which T Cells And B Cells Interact With Antigens


    Graphical Representation of the Life Cycle of T Cells and B Cells and Their

    Interactions with Antigens. From University of Hartford, Department of Mathematics, Epidemics and AIDS web page.


    What Motivated Them?

    Why is it that engineers are attracted to the immune system for inspiration? The immune system

    exhibits several properties that engineers recognise as being desirable in their systems. [Timmis &

    Andrews 2007, Timmis et al. 2008a, de Castro & Timmis 2002a] have identified these as:-


    1)Distribution and self-organization:-

    The behavior of the immune system is deployed through the actions of billions of agents (cells and

    molecules) distributed throughout the body. Their collective effects can be highly complex with no

    central controller. An organised response emerges as a system wide property derived from the low

    level agent behaviours. These immune agents act concurrently making immune processes naturally

    parallelised.

    2)Learning, adaption, and memory.

    The immune system is capable of recognizing previously unseen pathogens, and thus exhibits the ability to learn. Learning implies the presence of memory, which is present in the immune system, enabling it to remember previously encountered pathogens. This is encapsulated by the phenomenon of primary and secondary responses: the first time a pathogen is encountered an immune response (the primary response) is elicited. The next time that pathogen is encountered a faster and often more aggressive response is mounted (the secondary response).

    3)Pattern recognition.

    Through its various receptors and molecules the immune system is capable of recognising a diverse

    range of patterns. This is accomplished through receptors that perceive antigenic materials in

    differing contexts (processed molecules, whole molecules, additional signals etc). Receptors of the

    innate immune system vary little, whilst receptors of the adaptive immune system, such as

    antibodies and T-cell receptors are subject to huge diversity.

    4)Classification

    The immune system is very effective at distinguishing harmful substances (non-self) from the body's own tissues (self), and directing its actions accordingly. From a computational perspective, it

    does this with access to only a single class of data, self molecules [Stibor et al. 2005]. Creation of a system that effectively classifies data into two classes, having been trained on examples from only

    one, is a challenging task.

    Different models of Artificial Immune Systems

    Artificial Immune Systems (AIS) emerged in the 1990s as a new branch in Computational

    Intelligence (CI). A number of AIS models exist, and they are used in pattern recognition, fault detection, computer security, and a variety of other applications researchers are exploring in the field of science and engineering. Although AIS research has been gaining momentum, the changes in the fundamental methodologies have not been dramatic. Among various mechanisms in the biological immune system that are explored as AISs, negative selection, immune network model and clonal selection are still the most discussed models.

    But now I am going to focus only on negative selection, as it has huge application in computer security.

    Negative Selection


    Negative selection is a process of selection that takes place in the thymus gland. T cells are

    produced in the bone marrow and, before they are released into the lymphatic system, undergo a maturation process in the thymus gland. The maturation of the T cells is conceptually very simple. T

    cells are exposed to self-proteins in a binding process. If this binding activates the T cell, then the T

    cell is killed, otherwise it is allowed into the lymphatic system. This process of censoring prevents

    cells that are reactive to self from entering the lymph system, thus endowing (in part) the host's

    immune system with the ability to distinguish between self and non-self agents.

    Artificial Negative Selection

    The negative selection algorithm of Forrest et al. is one of the computational models of self/nonself discrimination, first designed as a change detection method. It is one of the earliest AIS algorithms that were applied in various real-world applications. Since it was first conceived, it has attracted many AIS researchers and practitioners and has gone through some phenomenal evolution. In spite of the evolution and diversification of this method, the main characteristics of a negative selection algorithm remain those described by Forrest et al.

    In generation stage, the detectors are generated by some random process and censored by trying to

    match self samples. Those candidates that match are eliminated and the rest are kept as detectors.

    In the detection stage, the collection of detectors (or detector set) is used

    to check whether an incoming data instance is self or non-self.

    If it matches any detector, then it is claimed as non-self or anomaly. This description is limited to

    some extent, but conveys the essential idea. Like any other Computational Intelligence technique,

    different negative selection algorithms are characterized by particular representation schemes, matching rules and detector generation processes.

    AIS Applications

    Artificial Immune Systems (AIS) are being used in many applications such as:-

    1)anomaly detection

    2)pattern recognition

    3)data mining

    4)computer security

    5)adaptive control

    6)fault detection .

    Computer Security

    I am working on computer security only. I choose this because computer security should be our first priority. The world has become a more interconnected place. Electronic communication, e-commerce, network services and the Internet have become vital components of business strategies,

    government operations, and private communications. Many organizations have become dependent

    on the wired world for their daily activities. This interconnectivity has also brought forth those who

    wish to exploit it. Computer security has, thus, become a necessity in the digital age. While information dependence is increasing, the threat from malicious code, such as computer viruses, is

    also on the rise. The number of computer viruses has been increasing exponentially from their first

    appearance in 1986 to over 55 000 different strains identified today. Viruses were once spread by sharing disks; now, global connectivity allows malicious code to spread farther and faster. Similarly,

    computer misuse through network intrusion is on the rise.

    With the rapid development of computer technology, new anti-malware technologies are required

    because malware is becoming more complex with a faster propagation speed and a stronger ability

    for latency, destruction, and infection.

    Many companies have released anti-malware software, most of which is based on signatures and

    can detect known malware very quickly. However, the software often fails to detect new variations

    and unknown malware. Based on metamorphic and polymorphous techniques, even a layman is

    able to develop new variations of known malware easily using malware automaton. Thus,

    traditional malware detection methods based on signatures are no longer suitable for new

    environments; as well, heuristics have started to emerge.

    For the past few years, applying immune mechanisms to computer security has developed into a

    new field, attracting many researchers. Forrest applied immune theory to computer

    abnormality detection for the first time in 1994. Since then, many researchers have proposed

    various different malware detection models and achieved some success.

    Immunological computation has also been applied to other problem domains, not all of which are in

    the computer-security field. Some of the more interesting examples include anomaly detection

    in time series data, fault diagnosis, decision support systems, multi optimization problems, robust scheduling, and loan application fraud detection. The similarity in all of these applications is that they utilize the pattern-matching and learning mechanisms of the immune system model to perform desired system features. A lot of theoretical groundwork in immunological computation has been completed, but only a handful of AISs have been built.

    Many AIS MODELS are there to detect virus & malware code.

    For virus detection

    A Hierarchical Artificial Immune Model for Virus Detection

    Model Architecture

    The model is composed of two modules:

    1) virus gene library generating module

    2) self-nonself classification module.

    The first module is used for the training phase, whose

    function is to generate a detecting gene library to accomplish the training of given data.

    A. Generating module

    This module is assigned as the detecting phase in terms of the results from first module for detection of the suspicious programs. We all know that in biology the genetic information is mainly stored in DNA, but not all the fragments in DNA can express useful information. Only a gene is a fragment of DNA with genetic information. A gene is made up of several deoxyribonucleotides (ODN).

    DNA: The whole bit-string of a procedure.

    Gene: Virus detector, a fragment of virus DNA, the

    compared unit for virus detection.

    ODN: Every two bytes of a bit-string.

    [Figure: The relationship among DNA, gene and ODN. DNA is drawn as a sequence of ODNs. A gene is a fragment of DNA which contains genetic information. A series of ODNs compose a gene.]

    The codes of a virus correspond to the DNA in the organism. A small quantity of code which performs as viral code is regarded as the genes of a virus. These virus genes are composed of several virus ODNs, which are the smallest unit to analyze the virus. At this stage, the most important task of the model is to extract the genes of a virus.

    B. Virus Gene Library Generating Module

    The virus gene library generating module works on the training set consisting of legal and virus programs.

    Firstly, this module counts the ODNs in the DNA of legal and virus programs by a sliding window, respectively, in order to extract ODNs which are regarded as the representative of the virus. A virus ODN library is built by the obtained statistical information. Secondly, the DNAs in virus and legal programs are traversed by the ODNs in the virus ODN library to generate the virus candidate gene library and the legal virus-like gene library. Finally, according to the negative selection mechanism, we match all the genes in the candidate virus gene library with the genes in the legal virus-like gene library, and delete those genes which appear in both libraries. In such a way, the candidate library is upgraded to the detecting virus gene library.

    2) Candidate virus gene library:


    The basic storage block in the virus candidate gene library is the virus sample. All the genes in each sample are stored so that different genes of one virus are stored together and genes of different viruses are stored separately. This kind of storage mode is called signature storage on individual level in this paper. The gene libraries mentioned below apply this storage mode to keep the relevance between different extracted genes in the same virus. Comparison between programs can be made on individual level with integrated information of virus signatures. The model uses continuous matching to match the virus DNA with ODNs in the virus ODN library. It means that, from the first matching position, a sliding window is employed to move forward until a mismatch happens. Then the number of ODNs in the virus ODN library that take part in the matching from the beginning to the end is recorded. If this number is larger than a presenting

    threshold

    3) Detecting virus gene library:

    Using the same method as for generating the candidate virus gene library, this model can also be used to generate a legal virus-like gene library by matching the legal programs with ODNs in the virus ODN library.

    Taking the legal virus-like genes as self, and the candidate virus genes as nonself, the NSA is applied to generate the detecting virus gene library.

    It is a fuzzy matching method, allowing some faults in matching.

    C. Self-Nonself Classification Module

    Repeating the method that generates candidate virus gene library, the ODNs in the detecting

    virus gene library are used to generate the suspicious virus-like gene library. Then we match virus-like genes in the suspicious program with

    Matching degree between two genes:

    This module still uses T-successive consistency matching for matching two genes.

    Suspicious program detection

    If the suspicious program matches with each virus sample in the detecting virus gene library,

    the similarity value is calculated. All the values for this program are added together as the

    similarity value between the program and detecting virus gene library.
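    The training and detection flow of modules B and C, as an added Python example that is not code from this page or from the model it describes. Assumptions: the ODN statistic (an ODN is kept when it occurs at least twice in virus samples and more often than in legal samples), the threshold `min_odns`, exact gene equality in place of the fuzzy T-successive matching, and all sample bytes, which are constructed.

```python
from collections import Counter

def odns(dna: bytes):
    """ODNs of a program: a 2-byte window slid one byte at a time."""
    return [dna[i:i + 2] for i in range(len(dna) - 1)]

def build_odn_library(virus, legal, min_virus=2):
    """Assumed statistic: keep an ODN seen >= min_virus times in virus
    code and more often there than in legal code."""
    v = Counter(o for s in virus for o in odns(s))
    l = Counter(o for s in legal for o in odns(s))
    return {o for o, n in v.items() if n >= min_virus and n > l[o]}

def extract_genes(dna: bytes, odn_lib, min_odns=3):
    """Continuous matching: from the first matching ODN, slide forward
    until a mismatch; keep the fragment if enough ODNs took part."""
    genes, start, windows = set(), None, odns(dna)
    for i in range(len(windows) + 1):          # +1 flushes a run at the end
        hit = i < len(windows) and windows[i] in odn_lib
        if hit and start is None:
            start = i
        elif not hit and start is not None:
            if i - start >= min_odns:
                genes.add(dna[start:i + 1])    # ODNs start..i-1 span bytes start..i
            start = None
    return genes

def train(virus: dict, legal: dict, min_odns=3):
    """Module B: candidate genes per virus sample, minus legal virus-like genes."""
    lib = build_odn_library(virus.values(), legal.values())
    legal_like = set()
    for sample in legal.values():
        legal_like |= extract_genes(sample, lib, min_odns)
    # Negative selection: delete genes that also appear in legal programs.
    detecting = {name: extract_genes(s, lib, min_odns) - legal_like
                 for name, s in virus.items()}
    return lib, detecting

def similarity(program: bytes, lib, detecting, min_odns=3):
    """Module C: per-sample matches, added together over all virus samples."""
    suspicious = extract_genes(program, lib, min_odns)
    return sum(len(suspicious & genes) for genes in detecting.values())

# Constructed training set: "WXYZ!" stands for viral code, "PUSH" for a
# fragment that viruses share with a legal program.
VIRUS = {"v1": b"abcdWXYZ!efghPUSHijkl", "v2": b"ijklWXYZ!abcdPUSHmnop"}
LEGAL = {"l1": b"abcdefghPUSHijkl", "l2": b"efghabcdmnopijkl"}
LIB, DETECTING = train(VIRUS, LEGAL)

if __name__ == "__main__":
    print("virus ODN library:", sorted(LIB))
    print("detecting gene library:", DETECTING)
    print("infected :", similarity(b"mnopWXYZ!efgh", LIB, DETECTING))
    print("clean    :", similarity(b"abcdPUSHmnop", LIB, DETECTING))
```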

    Summarized

    Everything I have written above I have studied from either some books or research papers. But now I am giving my idea based on this, on what I have learnt. Whatever I have written below is purely based on my idea. Something different.


    Negative Selection Algorithm (NSA) is an algorithm for change detection based on the principles of self-nonself discrimination (by T cell receptors) in the immune system. The receptors can detect antigens. Partition of the Universe of Antigens SNS: self and nonself.

    Illustration of NS Algorithm (match or don't match self strings (S)):

    Let r = 2
    Match: 1011 and 1000
    Don't match: 1011 and 1101

    There exists an efficient BNS algorithm that runs in time linear in the size of self. Efficient algorithm to count number of binary numbers.

    Generate a set R of detectors, each of which fails to match any string in S.

    Monitor new observations (of S) for changes by continually testing the detectors matching against

    representatives of S. If any detector ever matches, a change (or deviation) must have occurred in

    system behavior.

    Partial matching rule

    string of length l=20 , matching r=5

    01010011001100010101

    01110011011100011001

    Anomaly detection-

    110011 10110 11000 110001

    Symbolic representation of binary or alphabet

    sliding window for pattern recognition
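    The generation and detection stages described under Artificial Negative Selection, using the r-contiguous partial matching rule shown above, as an added Python example that is not the author's code. The self set, the seed and the function names are assumptions; the two 20-bit strings and the r = 2 strings are the ones given on this page.

```python
import random

def longest_common_run(a: str, b: str) -> int:
    """Length of the longest run of adjacent positions where a and b agree."""
    best = run = 0
    for x, y in zip(a, b):
        run = run + 1 if x == y else 0
        best = max(best, run)
    return best

def matches(a: str, b: str, r: int) -> bool:
    """Partial matching rule: a and b agree in at least r contiguous positions."""
    return longest_common_run(a, b) >= r

def generate_detectors(self_set, length, r, count, seed=0, max_tries=100_000):
    """Generation stage: draw random candidates and censor every candidate
    that matches any self string; the survivors form the detector set R."""
    rng = random.Random(seed)
    detectors = set()
    for _ in range(max_tries):
        if len(detectors) == count:
            break
        candidate = "".join(rng.choice("01") for _ in range(length))
        if not any(matches(candidate, s, r) for s in self_set):
            detectors.add(candidate)
    return detectors

def is_nonself(sample: str, detectors, r: int) -> bool:
    """Detection stage: any detector match means a change from self."""
    return any(matches(sample, d, r) for d in detectors)

# Constructed self set S (assumption): two 8-bit strings describing normal state.
SELF = {"00000000", "00001111"}
R = 4
DETECTORS = generate_detectors(SELF, length=8, r=R, count=20)

# The two strings from the partial matching rule on this page (l = 20, r = 5).
PAGE_A = "01010011001100010101"
PAGE_B = "01110011011100011001"

if __name__ == "__main__":
    print("longest agreeing run of the page strings:",
          longest_common_run(PAGE_A, PAGE_B))
    print("match at r = 5:", matches(PAGE_A, PAGE_B, 5))
    print("detectors generated:", len(DETECTORS))
    # Self strings are never flagged, because matching is symmetric and every
    # detector was censored against them. Non-self strings are flagged only if
    # some surviving detector covers them, so a small R can leave gaps.
    for sample in sorted(SELF) + ["11111111", "10101010"]:
        print(sample, "nonself" if is_nonself(sample, DETECTORS, R) else "self")
```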

    CODE for detect the viral code & legal code -

    let Ni = Legal_code

    let Nj = pseudo_ code

    let No = Viral_code

    creating a training set & comprised of self pattern

    initially Ni != Nj


    & Ni != No

    for(i=0;I


    [5] P. D'haeseleer, S. Forrest, P. Helman. An immunological approach to

    change detection: algorithms, analysis, and implications, Proceedings

    of IEEE Symposium on Research in Security and Privacy, Oakland, CA,

    pp. 110 - 119, May 1996.

    [6] H. Lee, W. Kim, M. Hong. Artificial Immune System against Viral

    Attack, ICCS 2004, Lecture Notes in Computer Science 3037, pp. 499-506, 2004.

    [7] K. S. Edge, G. B. Lamont, R. A. Raines. A retrovirus inspired

    algorithm for virus detection & optimization, 8th Annual Genetic and

    Evolutionary Computation Conference, Seattle WA, 2006, pp. 103-110.

    [8] T. Li. Computer Immunology, Beijing: Publishing house of electronics

    industry, pp. 187-191, 2004.

    [9] D. Dasgupta, N. Attoh-Okine. Immunity-Based Systems: A survey,

    1997 IEEE International Conference on Systems, Man, and Cybernetics,

    Computational Cybernetics and Simulation, 1997, pp. 369-374.

    [10] P. K. Harmer, P. D. Williams, G. H. Gunsch et al. An Artificial

    Immune System Architecture for Computer Security Applications,

    IEEE Transactions on Evolutionary Computation, vol. 6(3), pp. 252-

    280, 2002.

    [11] M. D. Preda, M. Christodorescu, S. Jha et al. A Semantics-Based Approach

    to Malware Detection, 34th Annual Symposium on Principles

    of Programming Languages, vol. 42(1), pp. 377-388, 2007.

    [12] O. Henchiri, N. Japkowicz, J. Nathalie. A Feature Selection and

    Evaluation Scheme for Computer Virus Detection, Sixth International

    Conference on Data Mining, Hong Kong, China, 2006, pp. 891-895.

    [13] Beer, R.D., Chiel, H.J. and Sterling, S., A Biological

    Perspective on Autonomous Agent Design, In Robotics and Autonomous Systems, Vol. 6, (1990), 169-186.

    [14] Dasgupta, D, Artificial Immune Systems and Their

    Applications, Heidelberg, Germany: Springer-Verlag, 1999.

    [15] Dasgupta, D., An artificial immune system as a multi-agent

    decision support system, Proc. IEEE Int. Conf. Systems, Man

    and Cybernetics, (Oct. 1998), pp. 3816-3820.

    [16] David Kotz and Robert S. Gray, Mobile Agents and the

    Future of the Internet, ACM Operating Systems Review,

    (Aug. 1999), 7-13.

    [17] Desel, J., and Reisig, W., Place/Transition Petri Nets. In Lecture on Petri nets I: Basic Models, vol 1491 of Lecture

    Notes in Computer Science, Springer - Verlag, 1998.

    [18] Forrest S., Perelson A.S., Allen L., and Cherukuri, R., Self-Nonself Discrimination in a Computer, Proceedings of the

    IEEE Symposium on Research in Security and Privacy (Los

    Alamos, CA: IEEE Computer Society Press), 1994.

    [19] Goel, S and Bush S.F., Biological Models of Security for


    Virus Propagation in Computer Networks login:, vol. 29, no.

    6, (Dec. 2004), 49-56.

    [20] Kaariboga Mobile Agents (Sep. 2003). [Online]. Available:

    http://www.projectory.de/kaariboga/index

    [21] Kephart, J.O., Biologically Inspired Defenses against

    Computer Viruses, Proceedings of IJCA 95, (1995) 985-996.

    [22] Paul K. Harmer et al, An Artificial Immune System

    Architecture for Computer Security Applications, IEEE

    Transactions on Evolutionary Computation, vol. 6, no. 3,

    (Jun. 2002), 252-280.

    [23] Virus Information and Statistics, [Online]. Available:

    http://www.avira.com/en/threats/

    Proceedings of the World Congress on Engineering 2008 Vol I

    WCE 2008, July 2 - 4, 2008, London, U.K.

    ISBN:

