A Novel Immune Based Approach for Detection of Windows PE Virus

  • Authors:
  • Yu Zhang;Tao Li;Jia Sun;Renchao Qin

  • Affiliations:
  • School of Computer Science, Sichuan University, Chengdu, China 610065;School of Computer Science, Sichuan University, Chengdu, China 610065;Department of humanism education, Huaihua University, Huaihua, China 418000;School of Computer Science, Sichuan University, Chengdu, China 610065

  • Venue:
  • ADMA '08 Proceedings of the 4th international conference on Advanced Data Mining and Applications
  • Year:
  • 2008

Abstract

Generic computer virus detection is the absolute need of the hour, as most commercial antivirus products fail to detect unknown and new Windows PE viruses. Motivated by the success of immune-based techniques in intrusion detection systems, recent research in detecting computer viruses is directed towards devising efficient non-signature-based techniques. We observe that each Windows PE virus, whether or not it is encrypted, must have a relocation module to relocate its variables or constants in the infected programs. Due to its unique characteristic, the virus relocation module can be extracted as an antibody in the immune system to detect the specific antigens. In this paper, we present a novel Windows PE virus detection approach that draws inspiration from artificial immune systems and the structure of the relocation module of the virus. The structure of the Windows PE virus is sufficiently analyzed. The dynamic evolution of self and nonself, the presentation of the antigen, and the generation of the antibody are proposed. The experiment is conducted, and its results indicate that this approach not only has a relatively higher detection rate for unknown Windows PE viruses than the earlier known methods, but also has better self-adaptive and self-learning capability.