Article

Review on the application of artificial intelligence in antivirus detection system


Abstract

Artificial intelligence (AI) techniques have played an increasingly important role in antivirus detection. At present, several principal artificial intelligence techniques have been proposed for antivirus detection, including heuristic techniques, data mining, agent techniques, artificial immune systems, and artificial neural networks. Integrating antivirus detection with artificial intelligence is expected to improve the performance of antivirus detection systems and to promote both the development of new artificial intelligence algorithms and their application in antivirus detection. This paper introduces the main artificial intelligence technologies that have been applied in antivirus systems. It also points out that combining the various artificial intelligence technologies will become the main development trend in the field of antivirus.


... For instance, neural nets are being applied to intrusion detection and prevention, and there are also proposals to use neural nets in "Denial of Service (DoS) detection, computer worm detection, spam detection, zombie detection, malware classification and forensic investigations" [8]. AI techniques such as Heuristics, Data Mining, Neural Networks, and Artificial Immune System (AIS), have been used for new-generation anti-virus software and it has improved the performance and capacity [9]. Some IDSs use intelligent agent technology which is sometimes even combined with mobile agent technology. ...
... The Dartmouth College Summer Research Project on Artificial Intelligence created AI as a research discipline in July 1956 [9]. AI can be described in two ways: (i) as a science that aims to discover the essence of intelligence and develop intelligent machines; or (ii) as a science of finding methods for solving complex problems that cannot be solved without applying some intelligence (e.g. ...
... making right decisions based on large amounts of data) [2]. Artificial intelligence is a developing comprehensive marginal subject and has become one of the world's three major high-tech, including Space Technology and Energy Technology in the 21st century [9]. ...
Research
Full-text available
The stride towards ensuring the security of critical infrastructure and other organizational and personal information assets has been characterized by high uncertainties despite the continuous improvements in technology security, processes, and users' education and awareness. Hence, there is a need to provide built-in security in the devices themselves in order to pursue dynamic prevention, detection, diagnosis, isolation and countermeasures against successful breaches.
... These landscapes started to be presented by the first academic works tackling the problem (e.g., a review of AVs using signatures [4], or ML detectors [193]). The major drawback of the academic literature is that most works adopt black-box analysis procedures [156], exploiting the fact that still few solutions employ anti-black-box techniques [70]. ...
... Work Landscape Avs Studied Aspect Modern AV [165] Kaspersky Function Hooks [39] Defender Emulation [4] Multiple Signatures [193] Multiple Machine Learning [152] Multiple Energy Consumption [138] Generic Detection N/A [106] Multiple Overall This ...
... Machine Learning is a trending topic in computer security and AVs are not unaware of this trend. One can be sure that modern AVs rely on some kind of ML technique, which can be discovered either by the AV's reports [193] or by indirect observations, such as the fact that attacking ML models in a standalone manner might have impact on the detection results of commercial AVs [40]. ...
Article
AntiViruses (AVs) are the main defense line against attacks for most users, and much research has been done about them, especially proposing new detection procedures that work in academic prototypes. However, as most current commercial AVs are closed-source solutions, in practice little is known about their real internals: information such as the typical AV database size, the detection methods effectively used in each operation mode, and how often on average the AVs are updated is still unknown. This prevents research work from meeting industrial practices more thoroughly. To fill this gap, in this work we systematize the knowledge about AVs. To do so, we first surveyed the literature and identified existing knowledge gaps in the working of AV internals. Further, we bridged these gaps by analyzing popular (Windows, Linux, and Android) AV solutions to check their operations in practice. Our methodology encompassed multiple techniques, from tracing to fuzzing. We detail current AV architectures, including their multiple components, such as browser extensions and injected libraries, regarding their implementation, monitoring features, and self-protection capabilities. We discovered, for instance, a great disparity in the set of API functions hooked by the distinct AVs' libraries, which might have a significant impact on the viability of academically proposed detection models (e.g., machine learning-based ones).
... This method has the ability of self-discovering and analyzing the code in an intelligent way, performing a deep inspection of code instruction sequences as well as discovering unusual or unopened system calls. This technique might cause a high rate of false positives and negatives, but combined with other traditional techniques, its efficiency could improve considerably [13]. ...
... Artificial intelligence aims to simulate human thinking and behavior processes like learning, planning, among others [13]. ...
... The improvement of anti-virus systems has considered the inclusion of artificial intelligence technologies as a way to increase accuracy and performance. Several technologies are discussed since they are applied in anti-malware detection systems [13]. ...
Article
Full-text available
Malware has become a powerful and sophisticated tool used by malicious users to compromise and harm systems, and its evasion ability has improved considerably, to the point of becoming completely undetectable. On the other hand, machine learning has evolved tremendously in recent years and has become a standard in many IT solutions, including the data processing field. Likewise, cryptography has also grown in popularity for providing confidentiality and integrity to important information. Even though those technologies are widely used for trustworthy IT solutions, they are also used by malicious applications such as ransomware, which uses cryptography as its infection mechanism and machine learning as its evasion technique. In this respect, this paper surveys existing research on malware detection and evasion by examining possible scenarios where malware could take advantage of machine learning and cryptography to improve its evasion techniques and infection impact.
... AI enables us to design autonomic computing solutions capable of adapting to their context of use, using the methods of self-management, self-tuning, self-configuration, self-diagnosis, and self-healing. When it comes to the future of information security, AI techniques seem a very promising area of research that focuses on improving the security measures for cyberspace [2] [6] [7]. ...
... AI enables us to design autonomic computing solutions capable of adapting to their context of use, using the methods of self-management, self-tuning, self-configuration, self-diagnosis, and self-healing. When it comes to the future of information security, AI techniques seem a very promising area of research that focuses on improving the security measures for cyberspace [2, 6, 7]. The purpose of this study is to present advances made so far in the field of applying AI techniques for combating cyber crimes, to demonstrate how these techniques can be an effective tool for detection and prevention of cyber attacks, as well as to give the scope for future work. ...
... In the application of AI to cyber defense, we are more interested in the second definition. Research interests in AI include ways to make machines (computers) simulate intelligent human behavior such as thinking, learning, reasoning, planning, etc. [5, 7, 16]. The general problem of simulating intelligence has been simplified to specific sub-problems which have certain characteristics or capabilities that an intelligent system should exhibit. ...
Article
Full-text available
With the advances in information technology (IT) criminals are using cyberspace to commit numerous cyber crimes. Cyber infrastructures are highly vulnerable to intrusions and other threats. Physical devices and human intervention are not sufficient for monitoring and protection of these infrastructures; hence, there is a need for more sophisticated cyber defense systems that need to be flexible, adaptable and robust, and able to detect a wide variety of threats and make intelligent real-time decisions. Numerous bio-inspired computing methods of Artificial Intelligence have been increasingly playing an important role in cyber crime detection and prevention. The purpose of this study is to present advances made so far in the field of applying AI techniques for combating cyber crimes, to demonstrate how these techniques can be a
... For example, signature-based detection is only effective against known malware signatures, meaning that new or unknown forms of malware can bypass this detection method. Additionally, some types of malware can be designed to evade behavior-based detection methods [42]. ...
... However, antivirus software continues to be a critical component of cybersecurity, particularly for organizations with limited resources or expertise in AI-based techniques. By using a combination of signature-based and behavior-based detection, antivirus software can provide an effective defense against known and unknown forms of malware, including ransomware [42]. ...
Article
Full-text available
Ransomware attacks pose significant security threats to personal and corporate data and information. The owners of computer-based resources suffer from verification and privacy violations, monetary losses, and reputational damage due to successful ransomware assaults. As a result, it is critical to accurately and swiftly identify ransomware. Numerous methods have been proposed for identifying ransomware, each with its own advantages and disadvantages. The main objective of this research is to discuss current trends in and potential future debates on automated ransomware detection. This document includes an overview of ransomware, a timeline of assaults, and details on their background. It also provides comprehensive research on existing methods for identifying, avoiding, minimizing, and recovering from ransomware attacks. An analysis of studies between 2017 and 2022 is another advantage of this research. This provides readers with up-to-date knowledge of the most recent developments in ransomware detection and highlights advancements in methods for combating ransomware attacks. In conclusion, this research highlights unanswered concerns and potential research challenges in ransomware detection.
... The growing complexity of attacks and the increasing reliance on digital infrastructure fueled the demand for specialized cybersecurity expertise. Advanced technologies, such as artificial intelligence (AI) and machine learning (ML), emerged as powerful tools for threat detection and prevention [26], [27]. ...
Chapter
The Networks and Information Systems 2 (NIS2) Directive was published in 2022. It is the successor of its initial version (the NIS Directive) of 2016. Its objective is to achieve a high common level of cybersecurity across the European Union, with a view to improving the functioning of the internal market. The previously existing legal framework was revised to better address increased digitization and an evolving cybersecurity threat landscape. New sectors and entities have been added to the scope of the regulation to improve the resilience and incident response capacities of public and private entities, competent authorities and the European Union as a whole. For this purpose, the NIS2 Directive introduces a list of “Sectors of high criticality” including Energy, Transport, Banking, Financial Market Infrastructures, Health, Drinking Water, Waste Water, Digital Infrastructure, ICT Service Management (Business-to-Business), Public Administration and Space. A set of measures is introduced for those sectors, which will be further summarized in the present chapter. Additionally, with requirements of a lesser extent, “other critical Sectors” are defined, including Postal and Courier Services, Waste Management, Manufacture, production and distribution of chemicals, Production, processing and distribution of food, Manufacturing, Digital Providers and Research. The application of the NIS2 Directive is limited to public or private entities that are part of the list of “Sectors of high criticality” or the list of “other critical Sectors”. The requirements of the NIS2 Directive remain at a rather high level, with the obligation for EU Member States to detail the implementation at the national level. According to NIS2 Article 41, by 17 October 2024, Member States shall adopt and publish the measures necessary to comply with the NIS2 Directive.
... Artificial intelligence methods are already widely used in the fight against cybercrime. There are plans to use neural networks for "denial of service (DoS) detection, computer worm detection, spam detection, zombie detection, malware classification, and forensic investigations," for example, in addition to intrusion detection and prevention (Wang et al., 2008). ...
... Recently, to increase the capabilities of antivirus systems, the use of machine learning algorithms using artificial intelligence (AI) has been introduced [26][27][28]. The inclusion of these techniques allows for a large-scale data analysis, the identification of patterns and trends, as well as the automatic and rapid formulation of predictions. ...
Article
Full-text available
Featured Application
This work can be applied to develop new anti-malware strategies based on event analysis.
Abstract
The detection and classification of threats in computer systems has been one of the main problems researched in cybersecurity. As technology evolves, the tactics employed by adversaries have also become more sophisticated to evade detection systems. In consequence, systems that previously detected and classified those threats are now outdated. This paper proposes a detection system based on the analysis of events and matching the risk level with the MITRE ATT&CK matrix and Cyber Kill Chain. Extensive testing of attacks, using nine malware codes and applying three different obfuscation techniques, was performed. Each malicious code was analyzed using the proposed event management system and also executed in a controlled environment to examine whether commercial malware detection systems (antivirus) were successful. The results show that evasion techniques such as obfuscation and in-memory extraction of malicious payloads impose unexpected difficulties on standard antivirus software.
... Artificial intelligence (AI) is a technology that is defined as the ability of machines to perform tasks that are associated with human intelligence. The main study of AI is to train the machines to simulate human skills, such as learning, rationalizing, thinking, and managing [93]. Some of the AI techniques include Natural Language Generation, Expert Systems, Intelligent Agents, Deep Learning, Machine Learning, Speech Recognition, Text Analytics, and NLP. ...
Article
Full-text available
Given the prevailing state of cybersecurity, it is reasonable to understand why cybersecurity experts are seriously considering artificial intelligence as a potential field that can aid improvements in conventional cybersecurity techniques. Various progressions in the field of technology have helped to mitigate some of the issues relating to cybersecurity. These advancements can be manifested by Big Data, Blockchain technology, Behavioral Analytics, to name but a few. The paper overviews the effects of applications of these technologies in cybersecurity. The central purpose of the paper is to review the application of AI techniques in analyzing, detecting, and fighting various cyberattacks. The effects of the implementation of conditionally classified “distributed” AI methods and conveniently classified “compact” AI methods on different cyber threats have been reviewed. Furthermore, the future scope and challenges of using such techniques in cybersecurity, are discussed. Finally, conclusions have been drawn in terms of evaluating the employment of different AI advancements in improving cybersecurity.
... Therefore, more powerful detection solutions were required to detect complex threats without causing FPs. As such, AV engines started to rely on Machine Learning (ML) and/or on Artificial Intelligence (AI) for their classification and decision procedures [6]. ML/AI may be used, for instance, to flag samples as malicious based on the usage frequency of some assembly instructions [25]. ...
Article
Full-text available
Security evaluation is an essential task to identify the level of protection accomplished in running systems or to aid in choosing better solutions for each specific scenario. Although antiviruses (AVs) are one of the main defensive solutions for most end-users and corporations, AV evaluations are conducted by few organizations and are often limited to comparing detection rates. Moreover, other important factors of AVs' operating mode (e.g., response time and detection regression) are usually underestimated. Ignoring such factors creates an “understanding gap” on the effectiveness of AVs in actual scenarios, which we aim to bridge by presenting a broader characterization of current AVs' modes of operation. In our characterization, we consider distinct file types, operating systems, datasets, and time frames. To do so, we daily collected samples from two distinct, representative malware sources and submitted them to the VirusTotal (VT) service for 30 consecutive days. In total, we considered 28,875 unique malware samples. For each day, we retrieved the submitted samples' detection rates and assigned labels, resulting in more than 1M distinct VT submissions overall. Our experimental results show that: (i) phishing contexts are a challenge for all AVs, making malicious Web page detectors less effective than malicious file detectors; (ii) generic procedures are insufficient to ensure broad detection coverage, incurring lower detection rates for particular datasets (e.g., country-specific) than for those with world-wide collected samples; (iii) detection rates are unstable, since all AVs presented detection regression effects after scans in different time frames using the same dataset; and (iv) AVs' long response times in delivering new signatures/heuristics create a significant attack opportunity window within the first 30 days after we first identified a malicious binary.
To address the effects of our findings, we propose six new metrics to evaluate the multiple aspects that impact the effectiveness of AVs. With them, we hope to assist corporate (and domestic) users to better evaluate the solutions that fit their needs more adequately.
... This software is able to take actions which can optimize data centers and distributed applications. Another strategy that utilizes artificial intelligence is anti-virus detection, as shown in the solution described by Xino-bin Wang et al. [16]. They present an approach to virus detection which is done by using data mining and neural networks. ...
Article
Full-text available
Data management and monitoring is an important issue in scientific computation. Scientists want to access their data as quickly as possible. Some experiments need to store a lot of data which have to be secure. By saying this we mean that this data cannot disappear or be damaged; also, the data storage should be as cheap as possible. In this paper we present an approach to the automation of monitoring and management of data storage. We introduce a knowledge based system which is able to manage data, i.e., make decisions on migrating data, replicating or removing it. We discuss some of the existing solutions which are popular on the market. In this paper we aim to present our system which uses such AI techniques like fuzzy logic or a rule-based expert system to deal with data storage management. We exploit in this system a cost model to analyze the proposed solutions. The operations performed by our system are aimed to optimize the usage of the monitored infrastructure.
... In the cybersecurity field, some artificial intelligence techniques including heuristic techniques, data mining, agent techniques, artificial immune systems, and artificial neural networks are applied in antivirus detection. It is believed that integrating antivirus detection with artificial intelligence will improve the performance of antivirus detection systems and promote the production of new artificial intelligence algorithms and their application in antivirus detection [41]. 2. Threat intelligence. ...
Chapter
Healthcare was an early adopter of ICT with the goal of improving physicians’ work. The digital revolution of healthcare started several years ago with the introduction of informatics into hospitals. Today healthcare is again at the forefront: as one of the most attacked and promising areas of exploitation for cybercriminals and cyberterrorists due to the abundance of valuable information and for its role in critical infrastructure. Patients’ world also changed radically and went through an ICT revolution; nowadays healthcare operators and patients’ worlds are highly digitalized, modifying how healthcare operators and patients offer and use services. This chapter, starting from an introduction to the new paradigms of the modern workforces, will introduce the concepts of Hospital 2.0, the patient ecosystem and will explore specific cybercrime and cyberterrorism threats.
... The fundamental Artificial Intelligence techniques employed in virus detection systems are focused on [24]: ...
Article
Full-text available
Information security is in constant evolution and dynamism. The application of Artificial Intelligence techniques has become an indispensable practice in the treatment and detection of the threats to which organizations are exposed. This article focuses on a bibliographic study of the application of Artificial Intelligence techniques in information security, emphasizing intrusion detection systems, detection of unsolicited e-mail or spam, antivirus, as well as other applications in which the use of Artificial Intelligence is considered important.
Chapter
AI-driven data storage systems play a transformative and prominent role in ensuring the key features of sustainability and efficiency of the modern management systems. AI techniques such as compression and deduplication help reduce the storage space by efficiently identifying redundancies and patterns in data. Another major step in the direction of efficient data storage is predictive maintenance powered by machine learning algorithms which minimize hardware failures and extend the primitive lifespan of storage devices. The horizons of energy management can also be expanded by using AI algorithms to dynamically adjust power usage on demand, resulting in substantial energy savings. AI can also enhance security features. This combination of AI's predictive power, energy optimization, and security measures is crucial for achieving sustainable and reliable data storage infrastructures.
Article
Currently, with the rapid development of science and technology, the field of artificial intelligence presents characteristics such as a wide crossover of disciplines and fast updates, and the field of artificial intelligence has become a new focus of international competition. As an interdisciplinary field, the field of artificial intelligence has rich knowledge and strategic management significance. This article conducts an in-depth study on the knowledge structure and evolution trends in the field of AI, and the main work is as follows. First, a new latent feature topic model, New-LDA, is proposed for the study of topic recognition, which enhances the feature learning ability of the traditional LDA model and makes up for the deficiency of the traditional LDA model in recognizing topics in complex environments. Second, the knowledge structure in the field of AI is analyzed from two aspects: topic recognition and co-word analysis. A time series model is introduced to establish the topic evolution network, and the high-frequency words in three periods are compared and analyzed to find the evolution regularities of the knowledge structure in the AI domain. Finally, taking the cross-disciplines of AI as an example, the thematic evolution of the field and its cross-disciplines is analyzed to determine the future development direction and evolutionary trend of the field of AI.
Chapter
Sensor devices have been used widely to assemble independent sensor networks for various applications such as smart cities, health monitoring, precision agriculture and industrial control systems. Such mechanisms generate diverse information and dispatch it to the corresponding server as data flows. A Data Stream Manager (DSM) at the server assembles the data flows as big data to carry out genuine data analysis for significant uses. Most of the time, malicious adversaries try to access the data in transit. It is a difficult job to handle the actual data with the help of safety properties such as confidentiality and integrity. The sensitive information is considered as the confidentiality of collected data veracity for large sensing data flows. An encryption method is needed to protect large sensing data flows that assures the needed multiple levels of privacy and data reliability. The sensitive information is most important to identify several crimes. Criminals create smart cyber offences using cyberspace. Cyber communications are highly susceptible to intrusion hazards. More sophisticated cyber security systems are needed to identify criminal activities. Frequent bio-inspired computing methods of Artificial Intelligence can be used in cyber crime detection and deterrence. This can demonstrate the detection and prevention of cyber attacks by applying AI techniques for contesting cyber crimes.
Article
Nowadays, Artificial Intelligence is being integrated into modern innovations, including mobile devices, electronic gadgets, and our daily lives. Smartphones are becoming a crucial and inseparable part of modern life. Whether in terms of speech, prototype, efficiency, features, quality and so forth, all system requirements are provided in one machine. Researchers and innovation analysts are making advances in mobile computing with excellent technologies, while Artificial Intelligence as a commercial product has become directly accessible. Both corporations and violent offenders take advantage of emerging technologies and advances. Cyber-security specialists and authorities have predicted high possibilities of cyber-attacks. There is, besides that, a need to improve quite advanced and powerful data security processes and software to protect against all fraudulent activities and threats. The objective of this study is to introduce the latest developments in implementing these methodologies in mobile computing, to show how such techniques could become an efficient resource for data security and protocols, and to provide scope for future research.
Conference Paper
Currently, information systems, which play an important role in the Internet and in secure networks, have increased tremendously. Intrusion detection systems (IDS) are used to preserve data integrity, confidentiality and system availability against attacks, and data mining is also used to clean, classify and examine large amounts of network information. Since a large volume of network traffic requires processing, data mining techniques are used. Different data mining methods such as clustering, classification and association rules have proven to be useful for analyzing network traffic. This paper surveys data mining techniques in intrusion detection systems, which are used for the effective identification of both known and unknown patterns of attacks. As a result, it helps users to develop secure information systems.
Conference Paper
Nowadays, as information systems play a critical part in the Internet, the importance of secure networks has tremendously increased. Intrusion Detection Systems (IDS) are used to preserve data integrity, confidentiality and system availability from attacks. Data mining is used to clean, classify and examine large amounts of network data. Since a large volume of network traffic requires processing, we use data mining techniques. Different data mining techniques such as clustering, classification and association rules are proving to be useful for analyzing network traffic. This paper presents a survey on data mining techniques applied to intrusion detection systems for the effective identification of both known and unknown patterns of attacks, thereby helping users to develop secure information systems.
Article
Full-text available
Heuristic classifiers which distinguish between uninfected and infected members of some class of program objects have usually been constructed by hand. We automatically construct multiple neural network classifiers which can detect unknown Win32 viruses, following a technique described in previous work (Kephart et al, 1995) on boot virus heuristics. These individual classifiers have a false positive rate too high for real-world deployment. We find that, by combining the individual classifier outputs using a voting procedure, the risk of false positives is reduced to an arbitrarily low level, with only a slight increase in the false negative rate. Regular heuristics retraining on updated sets of exemplars (both infected and uninfected) is practical if the false positive rate is low enough.
Conference Paper
Full-text available
Today's anti-virus technology, based largely on analysis of existing viruses by human experts, is just barely able to keep pace with the more than three new computer viruses that are written daily. In a few years, intelligent agents navigating through highly connected networks are likely to form an extremely fertile medium for a new breed of viruses. At IBM, we are developing novel, biologically inspired anti-virus techniques designed to thwart both today's and tomorrow's viruses. Here we describe two of these: a neural network virus detector that learns to discriminate between infected and uninfected programs, and a computer immune system that identifies new viruses, analyzes them automatically, and uses the results of its analysis to detect and remove all copies of the virus that are present in the system. The neural-net technology has been incorporated into IBM's commercial anti-virus product; the computer immune system is in prototype.
Conference Paper
Full-text available
Detecting unknown worms is a challenging task. Extant solutions, such as anti-virus tools, rely mainly on prior explicit knowledge of specific worm signatures. As a result, after the appearance of a new worm on the Web there is a significant delay until an update carrying the worm's signature is distributed to anti-virus tools. During this time interval a new worm can infect many computers and create significant damage. We propose an innovative technique for detecting the presence of an unknown worm, not necessarily by recognizing specific instances of the worm, but rather based on computer measurements. We designed an experiment to test the new technique employing several computer configurations and background application activity. During the experiments 323 computer features were monitored. Four feature selection techniques were used to reduce the number of features, and four classification algorithms were applied on the resulting feature subsets. Our results indicate that this approach achieved above 90% average accuracy, and for specific unknown worms accuracy reached above 99%, using just 20 features while maintaining a low false positive rate.
Conference Paper
A serious security threat today is malicious executables, especially new, unseen malicious executables often arriving as email attachments. These new malicious executables are created at the rate of thousands every year and pose a serious security threat. Current anti-virus systems attempt to detect these new malicious programs with heuristics generated by hand. This approach is costly and oftentimes ineffective. We present a data mining framework that detects new, previously unseen malicious executables accurately and automatically. The data mining framework automatically found patterns in our data set and used these patterns to detect a set of new malicious binaries. Comparing our detection methods with a traditional signature-based method, our method more than doubles the current detection rates for new malicious executables.
Conference Paper
The dissemination of software has never been so easy since the Internet became widely available. This ease of access to free software has also pushed the wide spread of viruses to a new plateau. We present VICEd, a system for generic virus detection over the Internet. VICEd is based on a virus detection methodology which is a combination of software emulation and a knowledge base. It detects viruses using their behaviour instead of pattern matching. It is thus more effective against unknown or mutated viruses than scanners. This methodology is interesting in its own right. VICEd is a member of a group of system management agents currently under development at the National Taiwan University.
Article
Computer viruses are widely recognized as a significant computer threat. The "birth rate" of new viruses is high and increasing due to global connectivity, and technology improvements can accelerate their spread. In response to this threat, some contemporary research efforts are aimed at creating computer virus immune systems (CVIS). A CVIS uses the human immune system as a model for identifying, attacking, and eradicating viruses from computers and networks. This paper analyzes the requirements of such a computer virus immune system and evaluates current approaches with respect to these requirements. Based on this analysis, we propose a distributed architecture for implementing a CVIS. In particular, we discuss how emerging technologies such as evolutionary algorithms (EAs) and intelligent agents (IAs) can be employed to give the CVIS a self-adaption capability for new viral threats. 1 INTRODUCTION Computer viruses are widely acknowledged as a significant computer threat. It is diffi...
Article
In this paper, a new method of computer virus detection based on back-propagation neural networks is put forward. This method succeeds in introducing back-propagation neural networks into the ways of computer virus detection. Compared with the traditional methods, this new detection is more effective in analyzing system information and the file system, and can diagnose which kind of computer virus has infected the system.
Article
Over a decade of work on the computer virus problem has resulted in a number of useful scientific and technological achievements. The study of biological epidemiology has been extended to help us understand when and why computer viruses spread. Techniques have been developed to help us estimate the safety and effectiveness of anti-virus technology before it is deployed. Technology for dealing with known viruses has been very successful, and is being extended to deal with previously unknown viruses automatically. Yet there are still important research problems, the solution to any of which would significantly improve our ability to deal with the virus problems of the near future. The goal of this paper is to encourage clever people to work on these problems. To this end, we examine several open research problems in the area of protection from computer viruses. For each problem, we review the work that has been done to date, and suggest possible approaches. There is clearly enough work, even in the near term, to keep researchers busy for quite a while. There is every reason to believe that, as software technology evolves over the next century or so, there will be plenty of important and interesting new problems that must be solved in this field.
Article
Active worms can cause widespread damage at so high a speed that it effectively precludes human-directed reaction, and patches for the worms are always available only after the damage has been caused, which has elevated them to a first-class security threat to Metropolitan Area Networks (MAN). A Multi-agent system for Worm Detection and Containment in MAN (MWDCM) is presented to provide a first-class automatic reaction mechanism that automatically applies containment strategies to block the propagation of the worms and to protect the MAN against worm scans that waste a lot of network bandwidth and crash the routers. Its user agent is used to detect the known worms. The worm detection agent and the worm detection correlation agent use a two-stage decision method to detect unknown worms. They adaptively study the accesses in the whole network and dynamically change the working parameters to detect the unknown worms. MWDCM confines worm infection within a macro-cell or a micro-cell of the metropolitan area network, while the rest of the accesses and hosts continue functioning without disruption. MWDCM integrates a Worm Detection System (WDS) and the network management system. Reaction measures can be taken by using the Simple Network Management Protocol (SNMP) interface to control the broadband access server as soon as the WDS detects the active worm. MWDCM is very effective in blocking random scanning worms. Simulation results indicate that the high worm infection rate of epidemics can be avoided to a degree by MWDCM blocking the propagation of the worms.
Article
With increased global interconnectivity, reliance on e-commerce, network services, and Internet communication, computer security has become a necessity. Organizations must protect their systems from intrusion and computer-virus attacks. Such protection must detect anomalous patterns by exploiting known signatures while monitoring normal computer programs and network usage for abnormalities. Current antivirus and network intrusion detection (ID) solutions can become overwhelmed by the burden of capturing and classifying new viral strains and intrusion patterns. To overcome this problem, a self-adaptive distributed agent-based defense immune system based on biological strategies is developed within a hierarchical layered architecture. A prototype interactive system is designed, implemented in Java, and tested. The results validate the use of a distributed-agent biological-system approach toward the computer-security problems of virus elimination and ID.
Conference Paper
Viruses spreading over the Internet can cause significant damage and the loss of network security. On the other hand, the anti-virus process also plays an important part in affecting the dynamics of the virus spreading. The spreading dynamics of most viruses depend on the underlying network topology. While much research attention has been paid to developing anti-virus software/tools, the dynamics and propagation model of virus and anti-virus spreading in topology-aware networks are neither well understood nor thoroughly studied. To remedy this deficiency, we model and analyze the spreading characteristics of viruses coexisting with the anti-virus spreading process in the two-layer small-world topology. Applying fluid analysis, we derive the analytical solutions to the two-layer model. The simulation experiments confirm the validity of our fluid analyses in characterizing both virus and anti-virus spreading dynamics.
Conference Paper
In this paper a new rule generation method from neural networks is presented. A neural network is formed using a genetic algorithm (GA) with virus infection and deterministic mutation to represent regularities in training data. This method utilizes a modular structure in the GA. Each module learns a different neural network architecture, such as sigmoid and higher-order neural networks. This information is communicated to the other modules by the virus infection. The results of computer simulations show that this approach can generate obvious network structures and lead to simple rules.
Conference Paper
Recent expansion of the computer network has opened the possibility of explosive spread of computer viruses. We propose a distributed approach against computer viruses that also uses the computer network, which allows a distributed and agent-based approach. Our anti-virus system consists of several heterogeneous agents, similarly to the immune system. Among these agents, antibody agents use the information of "self" (files of the host computer) rather than the information of "non-self" (computer viruses). After detection and neutralization of computer viruses, the anti-virus system tries to recover the original files that are distributed over the uninfected hosts connected by LAN. This recovery is also done by several heterogeneous agents. As a whole, the proposed anti-virus system can be regarded as a backup system over the computer network. We implemented the antivirus system in JAVA, and tested it against some existing viruses.
Zhen Yu, Jianhui Ma, Xianbin Cao, and Xufa Wang, "A Virus Detection Algorithm Based on Immune Associative Memory," Vol. 34(2), 2004, pp. 246-252.
Yufeng Yang, "The Network Virus Precaution System Based on Data Mining," Journal of Shaoguan University, Vol. 26(12), 2005, pp. 31-33.
Maoguang Wang, Zhaolin Yin, Helong Ding, and Xianzhong Zhang, "The Application of Agent in Virus Detection," Network & Computer Security, 2002, pp. 55-57.
Xianwei Zeng, Zhijun Zhang, and Zhi Zhang, "Heuristic skill of computer virus analysis based on virtual machine," Computer Applications and Software, Vol. 22(9), 2005, pp. 125-126.
Zhenhai Wang and Haifeng Wang, "Study on Anti-Virus Engine Based on Heuristic Search of Polymorphic Virus Behavior," Research and Exploration in Laboratory, Vol. 25(9), 2006, pp. 1089-1108.
Boyun Zhang, Jianping Yin, Dingxing Zhang, Jingbo Hao, and Shulin Wang, "Computer viruses detection based on ensemble neural network," Computer Engineering and Applications, Vol. 43(13), 2007, pp. 26-29.
Wentao Jiang, Jinfeng Liu, and Yifei He, "The application of Pattern Classification Technology in Computer Virus Detection."