Communications of the ACM
Fast training of support vector machines using sequential minimal optimization
Advances in kernel methods
Mimicry attacks on host-based intrusion detection systems
Proceedings of the 9th ACM conference on Computer and communications security
Intrusion Detection Using Variable-Length Audit Trail Patterns
RAID '00 Proceedings of the Third International Workshop on Recent Advances in Intrusion Detection
Self-Nonself Discrimination in a Computer
SP '94 Proceedings of the 1994 IEEE Symposium on Security and Privacy
Artificial Immune Recognition System (AIRS): An Immune-Inspired Supervised Learning Algorithm
Genetic Programming and Evolvable Machines
Data Mining: Practical Machine Learning Tools and Techniques, Second Edition (Morgan Kaufmann Series in Data Management Systems)
Learning to Detect and Classify Malicious Executables in the Wild
The Journal of Machine Learning Research
Toward Automated Dynamic Malware Analysis Using CWSandbox
IEEE Security and Privacy
Intrusion detection using sequences of system calls
Journal of Computer Security
A practical mimicry attack against powerful system-call monitors
Proceedings of the 2008 ACM symposium on Information, computer and communications security
The Deterministic Dendritic Cell Algorithm
ICARIS '08 Proceedings of the 7th international conference on Artificial Immune Systems
A negative selection algorithm for classification and reduction of the noise effect
Applied Soft Computing
Extracting rules for classification problems: AIS based approach
Expert Systems with Applications: An International Journal
A Sense of `Danger' for Windows Processes
ICARIS '09 Proceedings of the 8th International Conference on Artificial Immune Systems
Proceedings of the 2nd ACM workshop on Security and artificial intelligence
Design of an Artificial Immune System for fault detection: A Negative Selection Approach
Expert Systems with Applications: An International Journal
Expert Systems with Applications: An International Journal
Quantum-inspired immune clone algorithm and multiscale Bandelet based image representation
Pattern Recognition Letters
A sense of self for Unix processes
SP'96 Proceedings of the 1996 IEEE conference on Security and privacy
Introducing dendritic cells as a novel immune-inspired algorithm for anomaly detection
ICARIS'05 Proceedings of the 4th international conference on Artificial Immune Systems
Learning and optimization using the clonal selection principle
IEEE Transactions on Evolutionary Computation
A formal framework for positive and negative detection schemes
IEEE Transactions on Systems, Man, and Cybernetics, Part B: Cybernetics
Capture - A behavioral analysis tool for applications and documents
Digital Investigation: The International Journal of Digital Forensics & Incident Response
Real-Valued negative selection algorithm with variable-sized self radius
ICICA'12 Proceedings of the Third international conference on Information Computing and Applications
| Hi-index | 0.01 |
This paper presents a supervised methodology that detects malware based on positive selection. Malware detection is a challenging problem due to the rapid growth of the number of malware and increasing complexity. Run-time monitoring of program execution behavior is widely used to discriminate between benign and malicious executables due to its effectiveness and robustness. This paper proposes a novel classification algorithm based on the idea of positive selection, which is one of the important algorithms in Artificial Immune Systems (AIS), inspired by positive selection of T-cells. The proposed algorithm is applied to learn and classify program behavior based on I/O Request Packets (IRP). In our experiments, the proposed algorithm outperforms ANSC, Na茂 ve Bayes, Bayesian Networks, Support Vector Machine, and C4.5 Decision Tree. This algorithm can also be used in general purpose classification problems not just two-class but multi-class problems.