Date post: | 14-Apr-2018 |
Upload: | sweta-leena-panda |
7/29/2019 AIS ON COMPUTER SECURITY
1/14
Artificial Immune System for Computer Security
Sweta leena panda (Student, 7th semester)
The threats and intrusions in IT systems can basically be compared to human diseases, with the
difference that the human body has an effective way to deal with them, which still needs to be
designed for IT systems. The human immune system (HIS) can detect and defend against yet
unseen intruders, and is distributed, adaptive and multilayered, to name only a few of its features. Our immune system incorporates a powerful and diverse set of characteristics which are
very interesting to use in AIS. In AIS I am working on computer security, as I think security should
be our first priority.
WHAT IS AIS
Artificial Immune Systems (AIS) is a branch of biologically inspired computation focusing on many
aspects of immune systems. AIS development can be seen as having two target domains: the
provision of solutions to engineering problems through the adoption of immune system inspired
concepts; and the provision of models and simulations with which to study immune system
theories.
KEY WORDS
AIS, immune system, artificial immune system, virus, negative selection model, Hierarchical
Artificial Immune Model
How AIS relates to the biological immune system
In medical science, historically, the term immunity refers to the condition in which an organism can
resist disease, more specifically infectious disease. However, a broader definition of immunity is a reaction to foreign (or dangerous) substances.
Immunology concerns the study of the immune system and the effects of its operation on the body. The immune system is normally defined in relation to its perceived function: a defence system that
has evolved to protect its host from pathogens (harmful micro-organisms such as bacteria, viruses
and parasites) [Goldsby et al. 2003]. It comprises a variety of specialised cells that circulate and
monitor the body, various extra-cellular molecules, and immune organs that provide an
environment for immune cells to interact, mature and respond. The collective action of immune
cells and molecules forms a complex network leading to the detection and recognition of pathogens
within the body. This is followed by a specific effector response aimed at
eliminating the pathogen. This recognition and response process is vastly complicated with many of
the details not yet properly understood.
Human Immune System Components
Bio and Artificial Immune mapping
Biological Immune System | Artificial Immune System
Human Body | Computer network
Organisms / Organs | Nodes / Files
Antibodies | Mobile Agents
Antigens | Software Virus
Immunity, Suppression | Immunity, Tolerance
Neural Controller | Server
Immune memory | Look up Table
Training patterns | Virus Signatures
Receptors | Detectors
Bio Connectivity | Wireless / Wired Link
Organ address | IP Address
Time of Attack | Time of Virus Detection
Cloning | Agent Replication
Recovery Time | Agent Life Time
Natural Immunity | Built-in Security
Acquired Immunity | Agent based Security
Natural Death | Dead PC
Fig shows -The Process By Which T Cells And B Cells Interact With Antigens
Graphical Representation of the Life Cycle of T Cells and B Cells and Their
Interactions with Antigens. From University of Hartford, Department of Mathematics, Epidemics and AIDS web page.
What Motivated Them?
Why is it that engineers are attracted to the immune system for inspiration? The immune system
exhibits several properties that engineers recognise as being desirable in their systems. [Timmis &
Andrews 2007, Timmis et al. 2008a, de Castro & Timmis 2002a] have identified these as:-
1) Distribution and self-organization
The behavior of the immune system is deployed through the actions of billions of agents (cells and
molecules) distributed throughout the body. Their collective effects can be highly complex with no
central controller. An organised response emerges as a system-wide property derived from the low
level agent behaviours. These immune agents act concurrently, making immune processes naturally
parallelised.
2) Learning, adaptation, and memory
The immune system is capable of recognizing previously unseen pathogens, and thus exhibits the ability
to learn. Learning implies the presence of memory, which is present in the immune system, enabling
it to remember previously encountered pathogens. This is encapsulated by the phenomenon of
primary and secondary responses: the first time a pathogen is encountered an immune response
(the primary response) is elicited. The next time that pathogen is encountered a faster and often more
aggressive response is mounted (the secondary response).
3) Pattern recognition
Through its various receptors and molecules the immune system is capable of recognising a diverse
range of patterns. This is accomplished through receptors that perceive antigenic materials in
differing contexts (processed molecules, whole molecules, additional signals etc). Receptors of the
innate immune system vary little, whilst receptors of the adaptive immune system, such as
antibodies and T-cell receptors, are subject to huge diversity.
4) Classification
The immune system is very effective at distinguishing harmful substances (non-self) from the body's own tissues (self), and directing its actions accordingly. From a computational perspective, it
does this with access to only a single class of data, self molecules [Stibor et al. 2005]. Creation of a system that effectively classifies data into two classes, having been trained on examples from only
one, is a challenging task.
Different models of Artificial Immune Systems
Artificial Immune Systems (AIS) emerged in the 1990s as a new branch in Computational
Intelligence (CI). A number of AIS models exist, and they are used in pattern recognition, fault
detection, computer security, and a variety of other applications researchers are exploring in the
field of science and engineering. Although AIS research has been gaining momentum, the changes in the fundamental methodologies have not been dramatic. Among various mechanisms in
the biological immune system that are explored as AISs, negative selection, immune network model
and clonal selection are still the most discussed models.
But now I am going to focus only on negative selection, as it has huge application in computer security.
Negative Selection
Negative selection is a process of selection that takes place in the thymus gland. T cells are
produced in the bone marrow and, before they are released into the lymphatic system, undergo a maturation process in the thymus gland. The maturation of the T cells is conceptually very simple. T
cells are exposed to self-proteins in a binding process. If this binding activates the T cell, then the T
cell is killed, otherwise it is allowed into the lymphatic system. This process of censoring prevents
cells that are reactive to self from entering the lymph system, thus endowing (in part) the host's
immune system with the ability to distinguish between self and non-self agents.
Artificial Negative Selection
The negative selection algorithm of Forrest et al. is one of the computational models of self/nonself
discrimination, first designed as a change detection method. It is one of the earliest AIS algorithms
that were applied in various real-world applications. Since it was first conceived, it has attracted
many AIS researchers and practitioners and has gone through some phenomenal evolution. In spite
of evolution and diversification of this method, the main characteristics of a negative selection
algorithm described by Forrest et al.
In generation stage, the detectors are generated by some random process and censored by trying to
match self samples. Those candidates that match are eliminated and the rest are kept as detectors.
In the detection stage, the collection of detectors (or detector set) is used
to check whether an incoming data instance is self or non-self.
If it matches any detector, then it is claimed as non-self or anomaly. This description is limited to
some extent, but conveys the essential idea. Like any other Computational Intelligence technique,
different negative selection algorithms are characterized by particular representation schemes, matching rules and detector generation processes.
AIS Applications
Artificial Immune Systems (AIS) are being used in many applications such as:
1)anomaly detection
2)pattern recognition
3)data mining
4)computer security
5)adaptive control
6)fault detection .
Computer Security
I am working on computer security only. I choose this because computer security should be our first priority. The world has become a more interconnected place. Electronic communication, e-commerce,
network services and the Internet have become vital components of business strategies,
government operations, and private communications. Many organizations have become dependent
on the wired world for their daily activities. This interconnectivity has also brought forth those who
wish to exploit it. Computer security has, thus, become a necessity in the digital age. While information dependence is increasing, the threat from malicious code, such as computer viruses, is
also on the rise. The number of computer viruses has been increasing exponentially from their first
appearance in 1986 to over 55 000 different strains identified today. Viruses were once spread by
sharing disks; now, global connectivity allows malicious code to spread farther and faster. Similarly,
computer misuse through network intrusion is on the rise.
With the rapid development of computer technology, new anti-malware technologies are required
because malware is becoming more complex with a faster propagation speed and a stronger ability
for latency, destruction, and infection.
Many companies have released anti-malware software, most of which is based on signatures and
can detect known malware very quickly. However, the software often fails to detect new variations
and unknown malware. Based on metamorphic and polymorphous techniques, even a layman is
able to develop new variations of known malware easily using malware automaton. Thus,
traditional malware detection methods based on signatures are no longer suitable for new
environments; as well, heuristics have started to emerge.
For the past few years, applying immune mechanisms to computer security has developed into a
new field, attracting many researchers. Forrest applied immune theory to computer
abnormality detection for the first time in 1994. Since then, many researchers have proposed
various different malware detection models and achieved some success.
Immunological computation has also been applied to other problem domains, not all of which are in
the computer-security field. Some of the more interesting examples include anomaly detection
in time series data, fault diagnosis, decision support systems, multi optimization problems,
robust scheduling, and loan application fraud detection. The similarity in all of
these applications is that they utilize the pattern-matching and learning mechanisms of the
immune system model to perform desired system features. A lot of theoretical groundwork
in immunological computation has been completed, but only a handful of AISs have been built.
Many AIS models exist to detect virus and malware code.
For virus detection
A Hierarchical Artificial Immune Model for Virus Detection
Model Architecture
The model is composed of two modules:
1)virus gene library
2)generating module
3)self-nonself classification module.
virus gene library
The first module is used for the training phase, whose
function is to generate a detecting gene library to accomplish the training of given data.
A. Generating module
This module is assigned as the detecting phase in terms of the results from the first module for
detection of the suspicious programs. We all know that in biology the genetic information is mainly stored in DNA, but not all the fragments in DNA can express useful information. Only a gene is
a fragment of DNA with genetic information. A gene is made up of several deoxyribonucleotides
(ODN).
DNA: The whole bit-string of a procedure.
Gene: Virus detector, a fragment of virus DNA, the
compared unit for virus detection.
ODN: Every two bytes of a bit-string.
Figure: The relationship among DNA, gene and ODN. A DNA is a sequence of ODNs. A gene is a fragment of DNA which contains genetic information. A series of ODNs compose a gene.
The code of a virus corresponds to the DNA in the
organism. A small quantity of code which performs as viral code is regarded as the genes of a
virus. These virus genes are composed of several virus ODNs, which are the smallest unit to analyze
the virus. At this stage, the most important task of the model is to extract the genes of a virus.
B. Virus Gene Library Generating Module
The virus gene library generating module works on a training
set consisting of legal and virus programs.
Firstly, this module counts the ODNs in the DNA of legal and virus programs by a sliding window,
respectively, in order to extract ODNs which are regarded as representative of the virus. A virus
ODN library is built from the obtained statistical information. Secondly, the DNAs in virus and
legal programs are traversed by the ODNs in the virus ODN library to generate the virus candidate gene library and the legal virus-like gene library. Finally, according to the negative
selection mechanism, we match all the genes in the candidate virus gene library with the genes in
the legal virus-like gene library, and delete those genes which appear in both libraries. In such a
way, the candidate library is upgraded to the detecting virus gene library.
2) Candidate virus gene library:
The basic storage block in the virus candidate gene library is the virus sample. All the genes in each sample are stored so that different genes of one virus are kept in one virus storage, and genes of different viruses are stored
separately. This kind of storage mode is called signature storage on individual level in this
paper. The gene libraries mentioned below apply this storage mode to keep the
relevance between different extracted genes in the same virus. Comparison between programs can
be made on individual level with integrated information of virus signatures. The model uses continuous matching to match the virus DNA with ODNs in the virus ODN library. This means that,
from the first matching position, a sliding window is employed to move forward until a
mismatch happens. Then the number of ODNs in the virus ODN library that take part in the
matching from the beginning to the end is recorded. If this number is larger than a presenting
threshold
3) Detecting virus gene library:
Using the same method as for generating the candidate virus gene library, this model can also be
used to generate a legal virus-like gene library by matching the legal programs with ODNs in
the virus ODN library.
Taking the legal virus-like genes as self, and the candidate virus genes as nonself, the NSA is
applied to generate the detecting virus gene library.
It is a fuzzy matching method, allowing some faults in matching.
C. Self-Nonself Classification Module
Repeating the method that generates the candidate virus gene library, the ODNs in the detecting
virus gene library are used to generate the suspicious virus-like gene library. Then we match virus-like genes in the suspicious program with
Matching degree between two genes:
This module still uses T-successive consistency matching for matching two genes.
Suspicious program detection
If the suspicious program matches with each virus sample in the detecting virus gene library,
the similarity value is calculated. All the values for this program are added together as the
similarity value between the program and detecting virus gene library.
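The pipeline of modules B and C can be followed end to end on a toy training set. The code below is an added example, not code from the paper this section summarises. The byte strings are constructed and inert, and three choices are assumptions: the statistic used to select virus ODNs (min_support), the rule that a run longer than the threshold becomes a gene, and exact gene equality standing in for T-successive matching.

```python
from collections import Counter

ODN_LEN = 2  # the page defines an ODN as every two bytes

# Constructed, inert sample "programs" (not real malware or real binaries).
VIRUS = [b"11PACKSTUB22EVILGENE33", b"44EVILGENE55PACKSTUB66",
         b"77PACKSTUB88EVILGENE99"]
LEGAL = [b"aaPACKSTUBbb", b"ccplain program dd", b"eeanother tool ff"]


def odns(dna):
    """Slide a two-byte window over a program's bytes (its DNA)."""
    return [dna[i:i + ODN_LEN] for i in range(len(dna) - ODN_LEN + 1)]


def build_virus_odn_library(virus_set, legal_set, min_support=0.5):
    """Assumed statistic: keep ODNs found in at least min_support of the virus
    samples and in a larger share of virus samples than of legal samples."""
    v = Counter(o for d in virus_set for o in set(odns(d)))
    l = Counter(o for d in legal_set for o in set(odns(d)))
    return {o for o, c in v.items()
            if c / len(virus_set) >= min_support
            and c / len(virus_set) > l[o] / len(legal_set)}


def extract_genes(dna, odn_library, threshold=3):
    """Continuous matching: extend a run while successive ODNs are in the
    library; a run of more than `threshold` ODNs is kept as a gene (assumed)."""
    genes, start, run = set(), 0, 0
    for i, o in enumerate(odns(dna) + [None]):  # None closes the final run
        if o in odn_library:
            start = i if run == 0 else start
            run += 1
        else:
            if run > threshold:
                genes.add(dna[start:start + run + ODN_LEN - 1])
            run = 0
    return genes


def detecting_gene_library(virus_set, legal_set, threshold=3):
    lib = build_virus_odn_library(virus_set, legal_set)
    # Candidate genes are stored per virus sample ("individual level").
    candidate = {i: extract_genes(d, lib, threshold)
                 for i, d in enumerate(virus_set)}
    legal_like = set().union(*(extract_genes(d, lib, threshold)
                               for d in legal_set))
    # Negative selection: delete genes that also appear in legal programs.
    return lib, {i: genes - legal_like for i, genes in candidate.items()}


def similarity(program, lib, detecting, threshold=3):
    """Sum over virus samples of the genes shared with the program."""
    genes = extract_genes(program, lib, threshold)
    return sum(len(genes & g) for g in detecting.values())


if __name__ == "__main__":
    lib, detecting = detecting_gene_library(VIRUS, LEGAL)
    print(detecting)
    print(similarity(b"zzEVILGENEyyPACKSTUBxx", lib, detecting))
    print(similarity(b"qqPACKSTUBrr new utility", lib, detecting))
```

The PACKSTUB gene is frequent in the virus samples, so it enters the candidate library, but it is censored because one legal program carries it too. Without that step the second test program would be scored as virus-like.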
Summarized
Whatever I have written above, I have studied from either some books or research
papers. But now I am giving my idea based on this, on what I have learnt. Whatever I have written
below is purely based on my idea. Something different.
The Negative Selection Algorithm (NSA) is an algorithm for change detection based on the principles of self-nonself discrimination (by T cell receptors) in the immune system. The receptors can detect
antigens. Partition of the universe of antigens SNS: self and nonself.
Illustration of NS Algorithm:
Match or don't match against self strings (S), let r = 2:
1011 and 1000: match
1011 and 1101: don't match
There exists an efficient BNS algorithm that runs in linear time with the size of self. Efficient algorithm
to count number of binary numbers.
Generate a set R of detectors, each of which fails to match any string in S.
Monitor new observations (of S) for changes by continually testing the detectors for matches against
representatives of S. If any detector ever matches, a change (or deviation) must have occurred in
system behavior.
Partial matching rule
string of length l=20 , matching r=5
01010011001100010101
01110011011100011001
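The generation and detection stages described earlier, and the partial matching rule shown here, can be run directly. This is an added example, not code from the original paper or from Forrest et al. It assumes the r-contiguous-bits reading of the matching rule, replaces random detector generation with exhaustive enumeration so the result is reproducible, and uses a small constructed self set built from the 4-bit strings of the illustration.

```python
from itertools import product

# The two 20-bit strings shown on the page for l = 20, r = 5.
PAGE_A = "01010011001100010101"
PAGE_B = "01110011011100011001"
# Constructed self set reusing the 4-bit strings of the illustration.
SELF = ["1011", "1000", "1101"]


def longest_common_run(a, b):
    """Length of the longest stretch of adjacent positions where a and b agree."""
    best = run = 0
    for x, y in zip(a, b):
        run = run + 1 if x == y else 0
        best = max(best, run)
    return best


def matches(a, b, r):
    """r-contiguous-bits rule: match when at least r adjacent positions agree."""
    return longest_common_run(a, b) >= r


def universe(length):
    """Every binary string of the given length, in ascending order."""
    return ("".join(bits) for bits in product("01", repeat=length))


def generate_detectors(self_set, length, r):
    """Generation stage: censor every candidate that matches a self string."""
    return [c for c in universe(length)
            if not any(matches(c, s, r) for s in self_set)]


def is_nonself(sample, detectors, r):
    """Detection stage: a sample matched by any detector is flagged."""
    return any(matches(d, sample, r) for d in detectors)


def holes(self_set, detectors, length, r):
    """Non-self strings that no surviving detector can flag."""
    return [u for u in universe(length)
            if u not in self_set and not is_nonself(u, detectors, r)]


if __name__ == "__main__":
    print(longest_common_run(PAGE_A, PAGE_B), matches(PAGE_A, PAGE_B, 5))
    detectors = generate_detectors(SELF, 4, 2)
    print(detectors, is_nonself("0111", detectors, 2))
    print(holes(SELF, detectors, 4, 2))
```

Only one detector survives censoring against this self set, and five non-self strings stay invisible to it. Such holes are a known limit of negative selection under a fixed matching rule, so detector coverage should be measured before the detector set is relied on for monitoring.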
Anomaly detection-
110011 10110 11000 110001
Symbolic representation of binary or alphabet
Sliding window for pattern recognition
Code to detect the viral code & legal code -
let Ni = Legal_code
let Nj = pseudo_code
let No = Viral_code
creating a training set comprised of self patterns
initially Ni != Nj
& Ni != No
for(i=0;I
[5] P. D'haeseleer, S. Forrest, P. Helman. An immunological approach to
change detection: algorithms, analysis, and implications, Proceedings
of IEEE Symposium on Research in Security and Privacy, Oakland, CA,
pp. 110 - 119, May 1996.
[6] H. Lee, W. Kim, M. Hong. Artificial Immune System against Viral
Attack, ICCS 2004, Lecture Notes in Computer Science 3037, pp. 499-506, 2004.
[7] K. S. Edge, G. B. Lamont, R. A. Raines. A retrovirus inspired
algorithm for virus detection & optimization, 8th Annual Genetic and
Evolutionary Computation Conference, Seattle WA, 2006, pp. 103-110.
[8] T. Li. Computer Immunology, Beijing: Publishing house of electronics
industry, pp. 187-191, 2004.
[9] D. Dasgupta, N. Attoh-Okine. Immunity-Based Systems: A survey,
1997 IEEE International Conference on Systems, Man, and Cybernetics,
Computational Cybernetics and Simulation, 1997, pp. 369-374.
[10] P. K. Harmer, P. D. Williams, G. H. Gunsch et al. An Artificial
Immune System Architecture for Computer Security Applications,
IEEE Transactions on Evolutionary Computation, vol. 6(3), pp. 252-
280, 2002.
[11] M. D. Preda, M. Christodorescu, S. Jha et al. A Semantics-Based Approach
to Malware Detection, 34th Annual Symposium on Principles
of Programming Languages, vol. 42(1), pp. 377-388, 2007.
[12] O. Henchiri, N. Japkowicz, J. Nathalie. A Feature Selection and
Evaluation Scheme for Computer Virus Detection, Sixth International
Conference on Data Mining, Hong Kong, China, 2006, pp. 891-895.
[13] Beer, R.D., Chiel, H.J. and Sterling, S., A Biological
Perspective on Autonomous Agent Design, In Robotics and Autonomous Systems, Vol. 6, (1990), 169-186.
[14] Dasgupta, D., Artificial Immune Systems and Their
Applications, Heidelberg, Germany: Springer-Verlag, 1999.
[15] Dasgupta, D., An artificial immune system as a multi-agent
decision support system, Proc. IEEE Int. Conf. Systems, Man
and Cybernetics, (Oct. 1998), pp. 3816-3820.
[16] David Kotz and Robert S. Gray, Mobile Agents and the
Future of the Internet, ACM Operating Systems Review,
(Aug. 1999), 7-13.
[17] Desel, J., and Reisig, W., Place/Transition Petri Nets. In Lecture on Petri nets I: Basic Models, vol 1491 of Lecture
Notes in Computer Science, Springer-Verlag, 1998.
[18] Forrest S., Perelson A.S., Allen L., and Cherukuri, R., Self
Nonself Discrimination in a Computer, Proceedings of the
IEEE Symposium on Research in Security and Privacy (Los
Alamos, CA: IEEE Computer Society Press), 1994.
[19] Goel, S and Bush S.F., Biological Models of Security for
Virus Propagation in Computer Networks, login:, vol. 29, no.
6, (Dec. 2004), 49-56.
[20] Kaariboga Mobile Agents (Sep. 2003). [Online]. Available:
http://www.projectory.de/kaariboga/index
[21] Kephart, J.O., Biologically Inspired Defenses against
Computer Viruses, Proceedings of IJCA 95, (1995) 985-996.
[22] Paul K. Harmer et al, An Artificial Immune System
Architecture for Computer Security Applications, IEEE
Transactions on Evolutionary Computation, vol. 6, no. 3,
(Jun. 2002), 252-280.
[23] Virus Information and Statistics, [Online]. Available:
http://www.avira.com/en/threats/
Proceedings of the World Congress on Engineering 2008 Vol I
WCE 2008, July 2 - 4, 2008, London, U.K.