Title Immune system for virus detection and elimination
Author Jensen, Rune Schmidt
Supervisor Sharp, Robin (Department of Informatics and Mathematical Modeling, Technical University of Denmark, DTU, DK-2800 Kgs. Lyngby, Denmark)
Villadsen, Jørgen (Department of Informatics and Mathematical Modeling, Technical University of Denmark, DTU, DK-2800 Kgs. Lyngby, Denmark)
Institution Technical University of Denmark, DTU, DK-2800 Kgs. Lyngby, Denmark
Thesis level Master's thesis
Year 2002
Abstract In this thesis we consider the aspects of designing a computer immune system for virus detection and elimination using components and techniques found in the biological immune system. Already published proposals for constructing computer immune systems are described and analysed. Based on these analyses and a general introduction to modelling the biological immune system in a computer, we design a computer immune system for virus detection. In the modelling of the biological immune system we consider the use of three different kinds of loose matching: Hamming Distance, R-Contiguous Symbols, and Hidden Markov Models (HMMs). A complete and in-depth introduction to the theory of HMMs will be given and the algorithms used in connexion with HMMs will be explained. A framework for representing the HMMs, together with the algorithms, is implemented in Java as part of the CIS package, which is thought of as being a preliminary version of a computer immune system. Experiments with virus-infected programs and HMMs are presented. HMMs are trained on static code from non-infected programs and on traces of system calls generated by executions of non-infected programs. The programs are infected with a virus and the HMMs' ability to detect the infections is tested. It is concluded that HMMs can successfully detect virus infections in programs from static code and from traces of system calls generated by executions of programs.
Imprint Department of Informatics and Mathematical Modeling, Technical University of Denmark, DTU : DK-2800 Kgs. Lyngby, Denmark
Keywords Biological Immune System; Computer Immune System; Hamming Distance; R-Contiguous Symbols; Hidden Markov Models; Virus Detection; Virus Elimination
Fulltext
Original PDF imm959.pdf (0.72 MB)
Admin Creation date: 2006-06-22    Update date: 2012-12-20    Source: dtu    ID: 58311    Original MXD