
A Sense of ‘Danger’ for Windows Processes

  • Conference paper
Artificial Immune Systems (ICARIS 2009)

Part of the book series: Lecture Notes in Computer Science (LNTCS, volume 5666)

Abstract

The sophistication of modern computer malware demands run-time malware detection strategies which are not only efficient but also robust to obfuscation and evasion attempts. In this paper, we investigate the suitability of the recently proposed Dendritic Cell Algorithms (DCA), both the classical DCA (cDCA) and the deterministic DCA (dDCA), for malware detection at run-time. We have collected API call traces of real malware and benign processes running on the Windows operating system. We evaluate the accuracy of cDCA and dDCA in classifying processes as malware or benign using their API call sequences. Moreover, we also study the effects of the antigen multiplier and of time windows on the detection accuracy of both algorithms.

Apologies to Forrest et al. [9].


References

  1. API Monitor, http://www.rohitab.com/apimonitor

  2. F-Secure Corporation: F-Secure Reports Amount of Malware Grew by 100% during 2007. Press release (2007)

  3. Symantec: Internet Security Threat Report, vol. XIV (2009)

  4. The Danger Project, http://www.dangertheory.com

  5. VX Heavens Virus Collection, VX Heavens website, http://vx.netlux.org

  6. Aickelin, U., Bentley, P., Cayzer, S., Kim, J., McLeod, J.: Danger Theory: The Link between AIS and IDS? In: Timmis, J., Bentley, P.J., Hart, E. (eds.) ICARIS 2003. LNCS, vol. 2787, pp. 147–155. Springer, Heidelberg (2003)

  7. Christodorescu, M., Jha, S.: Testing Malware Detectors. ACM SIGSOFT Software Engineering Notes 29(4), 34–44 (2004)

  8. Damashek, M.: Gauging Similarity with n-Grams: Language-Independent Categorization of Text. Science 267, 843–848 (1995)

  9. Forrest, S., Hofmeyr, S.A., Somayaji, A., Longstaff, T.A.: A Sense of Self for Unix Processes. In: IEEE Symposium on Security and Privacy, USA, pp. 120–128. IEEE Press, Los Alamitos (1996)

  10. Gonzalez, F., Dasgupta, D.: Anomaly Detection Using Real-Valued Negative Selection. Journal of Genetic Programming and Evolvable Machines 4(4), 383–403 (2003)

  11. Gonzalez, F., Dasgupta, D., Nino, L.F.: A Randomized Real-Valued Negative Selection Algorithm. In: Timmis, J., Bentley, P.J., Hart, E. (eds.) ICARIS 2003. LNCS, vol. 2787, pp. 261–272. Springer, Heidelberg (2003)

  12. Greensmith, J., Aickelin, U., Cayzer, S.: Introducing Dendritic Cells as a Novel Immune-Inspired Algorithm for Anomaly Detection. In: Jacob, C., Pilat, M.L., Bentley, P.J., Timmis, J.I. (eds.) ICARIS 2005. LNCS, vol. 3627, pp. 153–167. Springer, Heidelberg (2005)

  13. Greensmith, J., Aickelin, U., Twycross, J.: Articulation and Clarification of the Dendritic Cell Algorithm. In: Bersini, H., Carneiro, J. (eds.) ICARIS 2006. LNCS, vol. 4163, pp. 404–417. Springer, Heidelberg (2006)

  14. Greensmith, J., Aickelin, U.: Dendritic Cells for SYN Scan Detection. In: Genetic and Evolutionary Computation Conference (GECCO), pp. 49–56. ACM Press, UK (2007)

  15. Greensmith, J., Aickelin, U.: The Deterministic Dendritic Cell Algorithm. In: Bentley, P.J., Lee, D., Jung, S. (eds.) ICARIS 2008. LNCS, vol. 5132, pp. 291–303. Springer, Heidelberg (2008)

  16. Gu, F., Greensmith, J., Aickelin, U.: Further Exploration of the Dendritic Cell Algorithm: Antigen Multiplier and Time Windows. In: Bentley, P.J., Lee, D., Jung, S. (eds.) ICARIS 2008. LNCS, vol. 5132, pp. 142–153. Springer, Heidelberg (2008)

  17. Ji, Z., Dasgupta, D.: Real-Valued Negative Selection Using Variable-Sized Detectors. In: Deb, K., et al. (eds.) GECCO 2004. LNCS, vol. 3102, pp. 287–298. Springer, Heidelberg (2004)

  18. Kolter, J.Z., Maloof, M.A.: Learning to Detect Malicious Executables in the Wild. In: International Conference on Knowledge Discovery and Data Mining, pp. 470–478. ACM Press, USA (2004)

  19. Matzinger, P.: Tolerance, Danger and the Extended Family. Annual Review of Immunology 12, 991–1045 (1994)

  20. Stibor, T., Timmis, J., Eckert, C.: On the Appropriateness of Negative Selection Defined over Hamming Shape Space as a Network Intrusion Detection System. In: IEEE Congress on Evolutionary Computation (CEC), pp. 995–1002. IEEE Press, UK (2005)

  21. Stibor, T., Mohr, P., Timmis, J., Eckert, C.: Is Negative Selection Appropriate for Anomaly Detection? In: Genetic and Evolutionary Computation Conference (GECCO), USA, pp. 321–328. ACM Press, New York (2005)

Copyright information

© 2009 Springer-Verlag Berlin Heidelberg

Cite this paper

Manzoor, S., Shafiq, M.Z., Tabish, S.M., Farooq, M. (2009). A Sense of ‘Danger’ for Windows Processes. In: Andrews, P.S., et al. Artificial Immune Systems. ICARIS 2009. Lecture Notes in Computer Science, vol 5666. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-03246-2_22


  • DOI: https://doi.org/10.1007/978-3-642-03246-2_22

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-03245-5

  • Online ISBN: 978-3-642-03246-2

  • eBook Packages: Computer Science (R0)