DOI: 10.1145/1389095.1389112
Research article

Improving accuracy of immune-inspired malware detectors by using intelligent features

Published: 12 July 2008

Abstract

In this paper, we show that a bio-inspired classifier's accuracy can be dramatically improved if it operates on intelligent features. We propose a novel set of intelligent features for the well-known problem of detecting portscans generated by malware. We compare the performance of three well-known bio-inspired classifiers operating on the proposed features: (1) Real-Valued Negative Selection (RVNS), based on the adaptive immune system; (2) the Dendritic Cell Algorithm (DCA), based on the innate immune system; and (3) the Adaptive Neuro-Fuzzy Inference System (ANFIS). To empirically evaluate the improvement provided by the intelligent features, we use a network traffic dataset collected on diverse endpoints over a period of 12 months; the endpoints' traffic is infected with well-known malware. For an unbiased performance comparison, we also include a machine learning algorithm, the Support Vector Machine (SVM), and two state-of-the-art statistical malware detectors, Rate-Limiting (RL) and Maximum-Entropy (ME). To the best of our knowledge, this is the first study in which RVNS and DCA are compared not only with each other but also with several other classifiers on a comprehensive real-world dataset. The experimental results indicate that our proposed features significantly improve the true-positive (TP) and false-positive (FP) rates of both RVNS and DCA.
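The abstract names the detectors it compares, but this page does not reproduce the feature set, the algorithm parameters or the dataset. The block below is an added example written for this page, not code from the paper or its authors: a minimal real-valued negative selection detector with variable-sized detectors (the V-detector idea of Ji and Dasgupta) run over per-window endpoint traffic features, beside a per-window simplification of the Williamson virus throttle as the rate-limiting baseline. The four features (distinct destination IPs, distinct destination ports, fraction of unanswered attempts, attempt volume), the normalisation caps, the self radius, the detector count, and the constructed flow records are all assumptions chosen for illustration, not values from the paper.

```python
"""Added illustration for this page (not the paper's code): real-valued
negative selection with variable-sized detectors over per-window endpoint
traffic features, beside a simplified rate-limiting baseline. Feature set,
caps, radii and the flow records are assumptions made for the example."""
import math
import random
from collections import namedtuple

# One outbound connection attempt observed at the endpoint (constructed schema).
Flow = namedtuple("Flow", "dst_ip dst_port answered")

# Normalisation caps for the feature vector (assumed values, not the paper's).
IP_CAP, PORT_CAP, ATTEMPT_CAP = 64.0, 64.0, 256.0


def window_features(flows):
    """Map one time window of flows to a point in [0, 1]^4: distinct
    destination IPs, distinct destination ports, fraction of unanswered
    attempts, and attempt volume. Browsing, a host sweep and a port sweep
    land in clearly separated regions of this space."""
    n = len(flows)
    if n == 0:
        return (0.0, 0.0, 0.0, 0.0)
    ips = len({f.dst_ip for f in flows})
    ports = len({f.dst_port for f in flows})
    failed = sum(1 for f in flows if not f.answered)
    return (min(ips / IP_CAP, 1.0), min(ports / PORT_CAP, 1.0),
            failed / n, min(n / ATTEMPT_CAP, 1.0))


def dist(a, b):
    return math.sqrt(sum((x - y) ** 2 for x, y in zip(a, b)))


def train_rvns(self_points, n_detectors=2000, self_radius=0.1, seed=7,
               max_tries=200000):
    """Negative selection: draw random candidates in feature space and keep
    only those outside the self region. A kept detector's radius is its
    distance to the nearest self sample minus the self radius (the
    variable-sized detector idea), so detectors far from self cover more."""
    rng = random.Random(seed)
    dim = len(self_points[0])
    detectors = []
    tries = 0
    while len(detectors) < n_detectors and tries < max_tries:
        tries += 1
        cand = tuple(rng.random() for _ in range(dim))
        radius = min(dist(cand, s) for s in self_points) - self_radius
        if radius > 0:  # candidate does not overlap self: keep it
            detectors.append((cand, radius))
    return detectors


def rvns_flags(detectors, point):
    """Number of detectors whose recognition region covers the point;
    zero means the window is classified as self (benign)."""
    return sum(1 for centre, radius in detectors if dist(centre, point) < radius)


def rate_limit_flags(flows, allowance=10):
    """Per-window simplification of the Williamson virus throttle: trip when
    the window contacts more distinct destination hosts than the allowance
    (the real throttle drains a delay queue at a fixed rate)."""
    return len({f.dst_ip for f in flows}) > allowance


def make_benign_window(rng):
    """Constructed benign window: a few internal hosts, a few service ports,
    and one unanswered attempt in twenty."""
    hosts = [f"10.0.{rng.randint(0, 3)}.{rng.randint(1, 20)}"
             for _ in range(rng.randint(1, 6))]
    ports = rng.sample([80, 443, 53, 445, 139, 8080], rng.randint(1, 3))
    return [Flow(rng.choice(hosts), rng.choice(ports), i % 20 != 0)
            for i in range(rng.randint(5, 40))]


def make_host_sweep(n_targets, port=445):
    """Constructed sweep: one unanswered SYN to each of n_targets hosts."""
    return [Flow(f"192.168.{i // 256}.{i % 256}", port, False)
            for i in range(n_targets)]


def make_port_sweep(n_ports, ip="10.0.0.5"):
    """Constructed sweep: one unanswered SYN to each of n_ports on one host."""
    return [Flow(ip, 1 + p, False) for p in range(n_ports)]


# Train on constructed benign windows; everything outside them is non-self.
_rng = random.Random(1)
SELF_WINDOWS = [make_benign_window(_rng) for _ in range(40)]
DETECTORS = train_rvns([window_features(w) for w in SELF_WINDOWS])


def classify(flows):
    """(rvns_alert, rate_limit_alert) for one window of flows."""
    return (rvns_flags(DETECTORS, window_features(flows)) > 0,
            rate_limit_flags(flows))


if __name__ == "__main__":
    first = SELF_WINDOWS[0][0]
    held_out = SELF_WINDOWS[0] + [Flow(first.dst_ip, first.dst_port, True)]
    for name, w in (("benign (held out)", held_out),
                    ("host sweep", make_host_sweep(200)),
                    ("port sweep", make_port_sweep(200))):
        rvns_alert, rl_alert = classify(w)
        print(f"{name:18s} rvns={rvns_alert} rate_limit={rl_alert}")
```

Two properties of this construction are worth checking by hand. A window whose feature vector lies within the self radius of a training sample can never be flagged: a detector's radius is bounded by its distance to self, so by the triangle inequality no detector can reach the point, which is why the held-out benign window is safe even though it was not in the training set. And the port sweep is invisible to the rate limiter, which counts only destination hosts, but is caught by RVNS because the feature vector also carries port diversity and failure rate. That gap illustrates, on constructed data, the kind of difference the abstract attributes to feature choice.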

References

[1] J. Greensmith and U. Aickelin, "Dendritic Cells for SYN Scan Detection," ACM GECCO, pp. 49--56, 2007.
[2] J. Greensmith, U. Aickelin and J. Twycross, "Articulation and Clarification of the Dendritic Cell Algorithm," ICARIS, LNCS, Portugal, 2006.
[3] M. Zubair Shafiq, M. Farooq and S. Ali Khayam, "A Comparative Study of Fuzzy Inference Systems, Neural Networks and Adaptive Neuro Fuzzy Inference Systems for Portscan Detection," EvoCOMNET, LNCS, 2008.
[4] S. Forrest, A. S. Perelson, L. Allen and R. Cherukuri, "Self-nonself discrimination in a computer," IEEE Symposium on Research in Security and Privacy, IEEE Computer Society Press, 1994.
[5] F. Gonzalez, D. Dasgupta and L. F. Nino, "A randomized real-valued negative selection algorithm," ICARIS, LNCS, UK, 2003.
[6] T. Raschke, "The New Security Challenge: Endpoints," IDC/F-Secure, August 2005.
[7] Symantec Internet Security Threat Report XI: Trends for July--December 2006, March 2007.
[8] T. Stibor, J. Timmis and C. Eckert, "On the Use of Hyperspheres in Artificial Immune Systems as Antibody Recognition Regions," ICARIS, LNCS, Portugal, 2006.
[9] T. Stibor, J. Timmis and C. Eckert, "A Comparative Study of Real-Valued Negative Selection to Statistical Anomaly Detection Techniques," ICARIS, LNCS, 2005.
[10] T. Stibor, P. Mohr, J. Timmis and C. Eckert, "Is Negative Selection Appropriate for Anomaly Detection?," ACM GECCO, USA, 2005.
[11] J. Twycross and M. M. Williamson, "Implementing and testing a virus throttle," USENIX Security Symposium, August 2003.
[12] A. Lakhina, M. Crovella and C. Diot, "Mining anomalies using traffic feature distributions," ACM SIGCOMM, August 2005.
[13] Y. Gu, A. McCallum and D. Towsley, "Detecting anomalies in network traffic using maximum entropy estimation," ACM/USENIX IMC, October 2005.
[14] Z. Ji and D. Dasgupta, "Real-valued negative selection algorithm with variable-sized detectors," ACM GECCO, LNCS, USA, 2004.
[15] Z. Ji and D. Dasgupta, "Applicability Issues of the Real-Valued Negative Selection Algorithms," ACM GECCO, July 2006.
[16] Symantec Security Response, http://securityresponse.symantec.com/avcenter
[17] C. Shannon and D. Moore, "The spread of the Witty worm," IEEE Security & Privacy, 2(4), pp. 46--50, 2004.
[18] C.-C. Chang and C.-J. Lin, "LIBSVM: a library for support vector machines," 2001. Available at http://www.csie.ntu.edu.tw/~cjlin/libsvm
[19] T. M. Cover and J. A. Thomas, Elements of Information Theory, Wiley-Interscience, June 1991.
[20] J.-S. R. Jang, "ANFIS: Adaptive-Network-Based Fuzzy Inference System," IEEE Transactions on Systems, Man and Cybernetics, 23, 1993.
[21] MATLAB, The MathWorks Inc., http://www.mathworks.com
[22] C. J. C. Burges, "A tutorial on support vector machines for pattern recognition," Data Mining and Knowledge Discovery, 1998.
[23] T. Fawcett, "ROC Graphs: Notes and Practical Considerations for Researchers," TR HPL-2003-4, HP Labs, USA.


Published In

GECCO '08: Proceedings of the 10th Annual Conference on Genetic and Evolutionary Computation, July 2008, 1814 pages. ISBN 9781605581309, DOI 10.1145/1389095. Conference chair: Conor Ryan; editor: Maarten Keijzer.

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from permissions@acm.org.

Publisher: Association for Computing Machinery, New York, NY, United States


Author Tags

1. adaptive neuro fuzzy inference system
2. artificial immune system
3. dendritic cell algorithm
4. negative selection
5. network endpoints
6. support vector machines


Acceptance rate (GECCO overall): 1,669 of 4,410 submissions (38%)


Cited By

• (2022) Ransomware-Resilient Self-Healing XML Documents. Future Internet 14(4):115. DOI 10.3390/fi14040115. Online publication date: 7 Apr 2022.
• (2021) Curator - A system for creating data sets for behavioral malware detection. 2021 20th International Symposium on Parallel and Distributed Computing (ISPDC), pp. 57-64. DOI 10.1109/ISPDC52870.2021.9521600. Online publication date: 28 Jul 2021.
• (2021) Malware Attacks: Dimensions, Impact, and Defenses. Advances in Nature-Inspired Cyber Security and Resilience, pp. 157-179. DOI 10.1007/978-3-030-90708-2_9. Online publication date: 20 Oct 2021.
• (2020) PrivateEye. Proceedings of the 17th USENIX Conference on Networked Systems Design and Implementation, pp. 797-816. DOI 10.5555/3388242.3388300. Online publication date: 25 Feb 2020.
• (2019) Review: machine learning techniques applied to cybersecurity. International Journal of Machine Learning and Cybernetics 10(10):2823-2836. DOI 10.1007/s13042-018-00906-1. Online publication date: 4 Jan 2019.
• (2016) Understanding Neuro-Fuzzy on a class of multinomial malware detection problems. 2016 International Joint Conference on Neural Networks (IJCNN), pp. 684-691. DOI 10.1109/IJCNN.2016.7727266. Online publication date: Jul 2016.
• (2015) An Entropy-Based Network Anomaly Detection Method. Entropy 17(4):2367-2408. DOI 10.3390/e17042367. Online publication date: 20 Apr 2015.
• (2015) Incorporating known malware signatures to classify new malware variants in network traffic. Networks 25(6):471-489. DOI 10.1002/nem.1913. Online publication date: 1 Nov 2015.
• (2014) Malware detection using augmented naive Bayes with domain knowledge and under presence of class noise. International Journal of Information and Computer Security 6(2):179-197. DOI 10.1504/IJICS.2014.065173. Online publication date: 1 Oct 2014.
• (2014) Stateless malware packet detection by incorporating naive Bayes with known malware signatures. Applied Computational Intelligence and Soft Computing 2014:5. DOI 10.1155/2014/197961. Online publication date: 1 Jan 2014.

      View Options

      Get Access

      Login options

      View options

      PDF

      View or Download as a PDF file.

      PDF

      eReader

      View online with eReader.

      eReader

      Media

      Figures

      Other

      Tables

      Share

      Share

      Share this Publication link

      Share on social media