Bait a Trap: Introducing Natural Killer Cells to Artificial Immune System for Spyware Detection

  • Jun Fu
  • Huan Yang
  • Yiwen Liang
  • Chengyu Tan
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 7597)


Artificial Immune Systems (AIS) have achieved some success in malware detection thanks to their distributed, diverse and adaptive characteristics. In recent years, however, malware has been evolving quickly in stealth and complexity. This trend poses a great challenge for AIS, especially since the emergence of spyware. To address this problem, this paper introduces natural killer cells (NKs), which can lure latent viruses into exposing themselves, to AIS. We hope their artificial counterparts can enhance the anti-latent capability of AIS through an enticement strategy and collaboration with other AIS algorithms. Preliminary results show that artificial NKs can discover tiny abnormalities caused by novel spyware and then release proper bait (called induction cytokines) to trigger the spyware’s actions, which expose it to further detection by AIS.


Natural Killer Cells, Artificial Immune System, Spyware





Copyright information

© Springer-Verlag Berlin Heidelberg 2012

Authors and Affiliations

  • Jun Fu (1)
  • Huan Yang (1)
  • Yiwen Liang (2)
  • Chengyu Tan (2)
  1. The 28th Research Institute of CETC, China
  2. Computer School, Wuhan University, China
