Abstract
Malicious code has been generally accepted as one of the top security threats to computer information systems around the world for several years. Malicious code is changing more rapidly; it has become modular in design and propagates using new and novel methods. The roorkit techniques that malicious code uses to hide itself in the operating system kernel make the traditional antivirus difficult to extract its signature, not to mention detect it. Inspired by the biological immune system, we proposed a novel immune-inspired method for malicious code extraction and detection—IMCD. The IMCD extracts the I/O Request Packets (IRPs) sequence produced by the process running in kernel mode as antigen, defines the normal benign programs as self programs, and defines the malicious codes as nonself programs. By the process behavior monitoring and the family gene analysis, the method can monitor the evolution of malicious code. The method generates the immature antibodies by vaccination, produces mature antibodies by clonal selection and gene evolution, and then learns and evolutionary identifies the unknown malicious codes by the mature antibodies. Theoretical analysis and experiments show that the proposed method for unknown malicious code detection has high detection rate, low false-positive rate, and low omission rate.
Sign-in/Register to access full text options 
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Schedule a callDisclaimer: All third-party content on this website/platform is and will remain the property of their respective owners and is provided on "as is" basis without any warranties, express or implied. Use of third-party content does not indicate any affiliation, sponsorship with or endorsement by them. Any references to third-party content is to identify the corresponding services and shall be considered fair use under The CopyrightLaw.
