||Immune system for virus detection and elimination
||Jensen, Rune Schmidt
||Sharp, Robin (Department of Informatics and Mathematical Modeling, Technical University of Denmark, DTU, DK-2800 Kgs. Lyngby, Denmark)
Villadsen, Jørgen (Department of Informatics and Mathematical Modeling, Technical University of Denmark, DTU, DK-2800 Kgs. Lyngby, Denmark)
||Technical University of Denmark, DTU, DK-2800 Kgs. Lyngby, Denmark
||In this thesis we consider the aspects of designing a computer immune system for virus detection and elimination using components and techniques found in the biological immune system. Already published proposals for constructing computer immune systems are described and analysed. Based on these analyses and a general introduction to
modelling the biological immune system in a computer we design a computer immune system for virus detection.
In the modelling of the biological immune system we consider the use of three different kinds of loose matching: Hamming Distance, R-Contiguous Symbols, and Hidden Markov Models (HMMs). A complete and in depth introduction to the theory of HMMs will be given and the algorithms used in connexion with HMMs will be explained. A framework
for representing the HMMs together with the algorithms are implemented in Java as part of the CIS package which is thought of as being a preliminary version of a computer immune system.
Experiments with virus infected programs and HMMs are presented. HMMs are trained on static code from non-infected programs and on traces of systems calls generated by executions of non-infected programs. The programs are infected with a virus and the HMMs ability to detect the infections are tested. It is concluded that HMMs successfully can detect virus infections in programs from static code and from traces of system calls generated by executions of programs.
||Department of Informatics and Mathematical Modeling, Technical University of Denmark, DTU : DK-2800 Kgs. Lyngby, Denmark
||Biological Immune System; Computer Immune System,| Hamming Distance; R-Contiguous Symbols; Hidden Markov Models; Virus|Detection; Virus Elimination
Creation date: 2006-06-22
Update date: 2012-12-20