Article

Biologically inspired defenses against computer viruses

Authors:

Jeffrey O. Kephart,

Gregory B. Sorkin,

William C. Arnold,

David M. Chess,

Gerald J. Tesauro,

Steve R. WhiteAuthors Info & Claims

IJCAI'95: Proceedings of the 14th international joint conference on Artificial intelligence - Volume 1

Pages 985 - 996

Published: 20 August 1995 Publication History

Abstract

Today's anti-virus technology, based largely on analysis of existing viruses by human experts, is just barely able to keep pace with the more than three new computer viruses that are written daily. In a few years, intelligent agents navigating through highly connected networks are likely to form an extremely fertile medium for a new breed of viruses. At IBM, we are developing novel, biologically inspired antivirus techniques designed to thwart both today's and tomorrow's viruses. Here we describe two of these: a neural network virus detector that learns to discriminate between infected and uninfected programs, and a computer immune system that identifies new viruses, analyzes them automatically, and uses the results of its analysis to detect and remove all copies of the virus that are present in the system. The neural-net technology has been incorporated into IBM's commercial anti-virus product; the computer immune system is in prototype.

References

[1]

{Bailey, 1975} Norman T.J. Bailey. The Mathematical Theory of Infectious Diseases and Its Applications. Oxford University Press, second edition, 1975.

[2]

{Chess et al., 1995} David Chess, Benjamin Gros of, Colin Harrison, David Levine, and Colin Parris. Itinerant agents for mobile computing. IEEE Personal Communications Magazine, 1995. Submitted.

[3]

{Cohen, 1987} Fred Cohen. Computer viruses, theory and experiments. In Computers and Security, volume 6, pages 22-35, 1987.

[4]

{Crochemore, 1994} Maxime Crochemore and Wojciech Rytter. Text Algorithms. Oxford University Press, 1994.

[5]

{Eichin, 1989} M.W. Eichin and J.A. Rochlis. With microscope and tweezers: An analysis of the internet virus of november 1988. In Proceedings of the 1989 IEEE Symposium on Security and Privacy, pages 326-343, 1989.

[6]

{Forrest et al, 1994} Stephanie Forrest, Alan S. Perelson, Lawrence Allen, and Rajesh Cherukuri. Self - nonself discrimination in a computer. In Proceedings of the 1994 IEEE Computer Society Symposium on Research in Security and Privacy, May 1994.

[7]

{Garrett, 1994} Laurie Garrett. The Coming Plague: Newly Emerging Diseases in a World Out of Balance. Farrar, Straus and Giroux, 1994.

[8]

{Harrison et al, 1994} Colin Harrison, David Chess, and Aaron Kershenbaum. Mobile agents: Are they a good idea? Technical Report 19887, IBM Research Report, 1994. http://www.research.ibm.com/xw-d953-mobag-ps.

[9]

{Hertz et al, 1991} J. Hertz, A. Krogh, and R. G. Palmer. Introduction to the Theory of Neural Computation. Addison-Wesley, 1991.

Digital Library

[10]

{Highland, 1990} Harold J. Highland. Computers and Security's Computer Virus Handbook. Elsevier, 1990.

[11]

{Janeway, 1993} Charles A. Janeway, Jr. How the immune system recognizes invaders. Scientific American, 269(3):72-79, September 1993.

[12]

{Kephart and Arnold, 1994} Jeffrey O. Kephart and William C. Arnold. Automatic extraction of computer virus signatures. In R. Ford, editor, Proceedings of the Fourth International Virus Bulletin Conference, pages 179-194. Virus Bulletin, Ltd., September 1994.

[13]

{Kephart and White, 1991} Jeffrey O. Kephart and Steve R. White. Directed-graph epidemiological models of computer viruses. In Proceedings of the 1991 IEEE Computer Society Symposium on Research in Security and Privacy, pages 343-359, May 1991.

[14]

{Kephart and White, 1993} Jeffrey O. Kephart and Steve R. White. Measuring and modeling computer virus prevalence. In Proceedings of the 1998 IEEE Computer Society Symposium on Research in Security and Privacy, pages 2-15, May 1993.

[15]

{Kephart et al., 1993} Jeffrey O. Kephart, Steve R. White, and David M. Chess. Computers and epidemiology. IEEE Spectrum, 30(5):20-26, May 1993.

Digital Library

[16]

{Kephart, 1994a} Jeffrey O. Kephart. A biologically inspired immune system for computers. In R. Brooks and P. Maes, editors, Artificial Life IV: Proceedings of the Fourth International Workshop on the Synthesis and Simulation of Living Systems, pages 130-139. MIT Press, 1994.

[17]

{Kephart, 1994b} Jeffrey O. Kephart. How topology affects population dynamics. In C. Langton, editor, Artificial Life III: Studies in the Sciences of Complexity, pages 447-463. Addison-Wesley, 1994.

[18]

{Levine, 1992} Arnold J. Levine. Viruses. Scientific American Library. Freeman, 1992.

[19]

{Marrack, 1993} Philippa Marrack and John W. Kappler. How the immune system recognizes the body. Scientific American, 269(3):81-89, September 1993.

[20]

{McNeill, 1976} W.H. McNeill. Plagues and Peoples. Doubleday, 1976.

[21]

{Murray, 1988} W.H. Murray. The application of epidemiology to computer viruses. In Computers and Security, volume 7, pages 130-150, 1988.

Digital Library

[22]

{Paul, 1991} William E. Paul, editor. Immunology: Recognition and Response. Readings from Scientific American . Freeman, 1991.

[23]

{Rumelhart et al, 1986} D. E. Rumelhart, G. E. Hinton, and R. J. Williams. Learning internal representations by error propagation. In Parallel Distributed Processing , volume 1, pages 318-362. MIT Press, 1986.

Digital Library

[24]

{Seiden, 1995} Philip E. Seiden. Note on auto-immunity. Private communication, 1995.

[25]

{Spafford, 1989} E.H. Spafford. The internet worm program: An analysis. Computer Comm. Review, 19, 1989.

[26]

{Spafford, 1991} E.H. Spafford. Computer viruses: A form of artificial life? In D. Farmer, C. Langton, S. Rasmussen, and C. Taylor, editors, Artificial Life II: Studies in the Sciences of Complexity, pages 727-747. Addison-Wesley, 1991.

[27]

{Tippett, 1990} Peter S. Tippett. Computer virus replication. Comput. Syst. Eur., 10:33-36, 1990.

[28]

{Tippett, 1991} Peter S. Tippett. The kinetics of computer virus replication: A theory and preliminary survey. In Safe Computing: Proceedings of the Fourth Annual Computer Virus and Security Conference, pages 66-87, March 1991.

Cited By

Sang DCuong DCuong L(2018)An Effective Ensemble Deep Learning Framework for Malware DetectionProceedings of the 9th International Symposium on Information and Communication Technology10.1145/3287921.3287971(192-199)Online publication date: 6-Dec-2018
https://dl.acm.org/doi/10.1145/3287921.3287971
Durand JAtkison TSmith RVrbsky S(2012)Applying random projection to the classification of malicious applications using data mining algorithmsProceedings of the 50th annual ACM Southeast Conference10.1145/2184512.2184579(286-291)Online publication date: 29-Mar-2012
https://dl.acm.org/doi/10.1145/2184512.2184579
Durand JAtkison TClincy VHoganson KGarrido JDasigi V(2011)Using randomized projection techniques to aid in detecting high-dimensional malicious applicationsProceedings of the 49th annual ACM Southeast Conference10.1145/2016039.2016085(166-172)Online publication date: 24-Mar-2011
https://dl.acm.org/doi/10.1145/2016039.2016085
Show More Cited By

Index Terms

Biologically inspired defenses against computer viruses
1. Security and privacy
  1. Intrusion/anomaly detection and malware mitigation

Index terms have been assigned to the content through auto-classification.

Recommendations

Hunting for undetectable metamorphic viruses

Commercial anti-virus scanners are generally signature based, that is, they scan for known patterns to determine whether a file is infected. To evade signature-based detection, virus writers have employed code obfuscation techniques to create ...
Viruses Revealed
An aposteriori computer security system to identify computer viruses

Comments

Information & Contributors

Information

Published In

cover image Guide Proceedings

IJCAI'95: Proceedings of the 14th international joint conference on Artificial intelligence - Volume 1

August 1995

1013 pages

ISBN:1558603638

Editor:
Chris S. Mellish

Sponsors

The International Joint Conferences on Artificial Intelligence, Inc.

Publisher

Morgan Kaufmann Publishers Inc.

San Francisco, CA, United States

Publication History

Published: 20 August 1995

Qualifiers

Article

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

15
Total Citations
View Citations
0
Total Downloads

Downloads (Last 12 months)0
Downloads (Last 6 weeks)0

Reflects downloads up to 03 Oct 2024

Other Metrics

View Author Metrics

Citations

Cited By

Sang DCuong DCuong L(2018)An Effective Ensemble Deep Learning Framework for Malware DetectionProceedings of the 9th International Symposium on Information and Communication Technology10.1145/3287921.3287971(192-199)Online publication date: 6-Dec-2018
https://dl.acm.org/doi/10.1145/3287921.3287971
Durand JAtkison TSmith RVrbsky S(2012)Applying random projection to the classification of malicious applications using data mining algorithmsProceedings of the 50th annual ACM Southeast Conference10.1145/2184512.2184579(286-291)Online publication date: 29-Mar-2012
https://dl.acm.org/doi/10.1145/2184512.2184579
Durand JAtkison TClincy VHoganson KGarrido JDasigi V(2011)Using randomized projection techniques to aid in detecting high-dimensional malicious applicationsProceedings of the 49th annual ACM Southeast Conference10.1145/2016039.2016085(166-172)Online publication date: 24-Mar-2011
https://dl.acm.org/doi/10.1145/2016039.2016085
Sun LVersteeg SBoztaş SYann T(2010)Pattern recognition techniques for the classification of malware packersProceedings of the 15th Australasian conference on Information security and privacy10.5555/1926211.1926239(370-390)Online publication date: 5-Jul-2010
https://dl.acm.org/doi/10.5555/1926211.1926239
Atkison TCunningham HRuth PKraft N(2010)Aiding prediction algorithms in detecting high-dimensional malicious applications using a randomized projection techniqueProceedings of the 48th annual ACM Southeast Conference10.1145/1900008.1900117(1-6)Online publication date: 15-Apr-2010
https://dl.acm.org/doi/10.1145/1900008.1900117
Tabish SShafiq MFarooq M(2009)Malware detection using statistical analysis of byte-level file contentProceedings of the ACM SIGKDD Workshop on CyberSecurity and Intelligence Informatics10.1145/1599272.1599278(23-31)Online publication date: 28-Jun-2009
https://dl.acm.org/doi/10.1145/1599272.1599278
Crandall JEnsafi RForrest SLadau JShebaro BBishop MProbst CKeromytis ASomayaji A(2009)The ecology of MalwareProceedings of the 2008 New Security Paradigms Workshop10.1145/1595676.1595692(99-106)Online publication date: 21-Aug-2009
https://dl.acm.org/doi/10.1145/1595676.1595692
Atkison TMcGregor J(2009)Applying randomized projection to aid prediction algorithms in detecting high-dimensional rogue applicationsProceedings of the 47th annual ACM Southeast Conference10.1145/1566445.1566477(1-6)Online publication date: 19-Mar-2009
https://dl.acm.org/doi/10.1145/1566445.1566477
Bauer ABeauchemin CPerelson A(2009)Agent-based modeling of host-pathogen systemsInformation Sciences: an International Journal10.1016/j.ins.2008.11.012179:10(1379-1389)Online publication date: 20-Apr-2009
https://dl.acm.org/doi/10.1016/j.ins.2008.11.012
Zhou YInge WBalfanz DStaddon J(2008)Malware detection using adaptive data compressionProceedings of the 1st ACM workshop on Workshop on AISec10.1145/1456377.1456393(53-60)Online publication date: 27-Oct-2008
https://dl.acm.org/doi/10.1145/1456377.1456393
Show More Cited By

View Options

View options

Get Access

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

Media

Figures

Other

Tables

View Table of Contents