A Sense of `Danger' for Windows Processes

Authors:
Salman Manzoor;M. Zubair Shafiq;S. Momina Tabish;Muddassar Farooq
Affiliations:
Next Generation Intelligent Networks Research Center (nexGIN RC), FAST National University of Computer & Emerging Sciences (NUCES), Islamabad, Pakistan 44000;Next Generation Intelligent Networks Research Center (nexGIN RC), FAST National University of Computer & Emerging Sciences (NUCES), Islamabad, Pakistan 44000;Next Generation Intelligent Networks Research Center (nexGIN RC), FAST National University of Computer & Emerging Sciences (NUCES), Islamabad, Pakistan 44000;Next Generation Intelligent Networks Research Center (nexGIN RC), FAST National University of Computer & Emerging Sciences (NUCES), Islamabad, Pakistan 44000
Venue:
ICARIS '09 Proceedings of the 8th International Conference on Artificial Immune Systems
Year:
2009

Citing 10
Cited 6

A Sense of Self for Unix Processes

SP '96 Proceedings of the 1996 IEEE Symposium on Security and Privacy
Anomaly Detection Using Real-Valued Negative Selection

Genetic Programming and Evolvable Machines
Testing malware detectors

ISSTA '04 Proceedings of the 2004 ACM SIGSOFT international symposium on Software testing and analysis
Learning to detect malicious executables in the wild

Proceedings of the tenth ACM SIGKDD international conference on Knowledge discovery and data mining
Is negative selection appropriate for anomaly detection?

GECCO '05 Proceedings of the 7th annual conference on Genetic and evolutionary computation
Dendritic cells for SYN scan detection

Proceedings of the 9th annual conference on Genetic and evolutionary computation
Further Exploration of the Dendritic Cell Algorithm: Antigen Multiplier and Time Windows

ICARIS '08 Proceedings of the 7th international conference on Artificial Immune Systems
The Deterministic Dendritic Cell Algorithm

ICARIS '08 Proceedings of the 7th international conference on Artificial Immune Systems
Articulation and clarification of the dendritic cell algorithm

ICARIS'06 Proceedings of the 5th international conference on Artificial Immune Systems
Introducing dendritic cells as a novel immune-inspired algorithm for anomaly detection

ICARIS'05 Proceedings of the 4th international conference on Artificial Immune Systems

Using IRP for malware detection

RAID'10 Proceedings of the 13th international conference on Recent advances in intrusion detection
Review Article: Recent Advances in Artificial Immune Systems: Models and Applications

Applied Soft Computing
Run-time malware detection based on positive selection

Journal in Computer Virology
Real-Valued negative selection algorithm with variable-sized self radius

ICICA'12 Proceedings of the Third international conference on Information Computing and Applications
Bait a trap: introducing natural killer cells to artificial immune system for spyware detection

ICARIS'12 Proceedings of the 11th international conference on Artificial Immune Systems
Rethinking concepts of the dendritic cell algorithm for multiple data stream analysis

ICARIS'12 Proceedings of the 11th international conference on Artificial Immune Systems

Quantified Score

Hi-index	0.00

Visualization

Abstract

The sophistication of modern computer malware demands run-time malware detection strategies which are not only efficient but also robust to obfuscation and evasion attempts. In this paper, we investigate the suitability of recently proposed Dendritic Cell Algorithms (DCA), both classical DCA (cDCA) and deterministic DCA (dDCA), for malware detection at run-time. We have collected API call traces of real malware and benign processes running on Windows operating system. We evaluate the accuracy of cDCA and dDCA for classifying between malware and benign processes using API call sequences. Moreover, we also study the effects of antigen multiplier and time-windows on the detection accuracy of both algorithms.