Negative Selection Algorithm Based Unknown Malware Detection Model

Abstract

Nowadays, malwares have become one of the most serious security threats for computer systems and how to detect malwares is a difficult task, especially, unknown malwares. Artificial immune systems (AIS) is spired by biological immune system (BIS) and it is a relatively novel field. AIS is used to detect malwares and gets some exciting results. The most known AIS model is negative selection algorithm (NSA) and it can only use normal samples to train. The traditional NSAs generate detectors in the training phase and then detect anomaly elements in the testing phase. There are some drawbacks in the traditional NSAs. Firstly, the real applications often change, normal can change to anomalous, and vice versa. The traditional NSAs easily produce many of false alarm and false negative in the real applications. Secondly, the traditional NSAs lack continuous learning ability in the testing phase and it is costly to generate enough detectors to cover the total non-self space in the training. In order to overcome the drawbacks of the traditional NSAs, a new scheme with online adaptive learning is introduced to NSA, and it includes that constructing the appropriate profile of the system, generating new detectors cover the holes of the non-self space, deleting these detectors which lie in the self-space decreases false alarms and amending these detectors which cover partly self-space decreases false alarm and increase detecting rate.