Presentation is loading. Please wait.

Presentation is loading. Please wait.

Biologically Inspired Defenses against Computer Viruses International Joint Conference on Artificial Intelligence 95’ J.O. Kephart et al.

Published byBasil Heath Modified over 9 years ago

Similar presentations

Presentation on theme: "Biologically Inspired Defenses against Computer Viruses International Joint Conference on Artificial Intelligence 95’ J.O. Kephart et al."— Presentation transcript:

1 Biologically Inspired Defenses against Computer Viruses International Joint Conference on Artificial Intelligence 95’ J.O. Kephart et al.

2 Abstract n At IBM, we are developing novel, biologically inspired anti-virus techniques. –Neural network virus detector learns to discriminate between infected and uninfected programs - commercial product –Computer immune system identifies new viruses, analyzes them automatically, and uses the results of its analysis to detect and remove all copies of the virus that are present in the system - prototype

3 Introduction n Expert analysis by human is too slow to deal with viruses that spread globally within days or hours n Biologically inspired anti-virus techniques from defense mechanisms that biological organisms have evolved against diseases are natural

4 Computer Virus n Self-replicating software entities that attach themselves parasitically to existing programs –cell - program, organism - computer –When a user executes an infected program, the viral portion of the code typically executes first. –Printing weird message, playing music, destroying data under some circumstances. –Returns control to the original program, which executes normally

5 Virus Detection, Removal and Analysis n Anti-virus software seeks to detect all viral infections on a given computer system and to restore each infected program to its original uninfected state, if possible –Activity monitors, Integrity management systems –Virus scanners n By characteristic byte patterns( called signature ) n Expert analyzes virus, then selects signature n Require frequent update as a new virus is discovered

6 Generic Detection of Viruses n Generic detection is naturally viewed as a problem in automatic pattern classification –nearest neighbor, decision tree, MLP n boot sector virus –512byte long –250/4000, 19/20, 80% n Nearest-Neighbor –Measure: Hamming distance or edit distance –performs poorly

7 Feature Selection n Byte strings as features –training set with 150 512-byte viral boot sectors includes 76500 trigrams of which typically 25000 are distinct –150 viral and 45 non-viral training examples –Remove trigrams appearing too frequently in legitimate boot sectors and so on –4-cover : 50 trigram features

8 Classifier Training and Performance n Since No negative example contains any of the feature, any positive use of the features gives a perfect classifier n Artificial negative example is generated in which that feature’s input value is 1 and all other inputs are 0. n False negative 15% n False positive 0.02%

9 Computer Immune System n Generic virus detection has 2 drawbacks –New viruses can be detected only if they have a sufficient amount of code in common with known viruses –It is incapable of aiding in the removal of a virus from an infected boot sector of file.

10 A Computer Immune System n Anomaly Detection – 비정상적인 상태인지 탐지 n Scanning for Known Viruses n Virus Removal n Decoys n Automatic Virus Analysis n Automatic Signature Extraction n Immunological Memory

11

Download ppt "Biologically Inspired Defenses against Computer Viruses International Joint Conference on Artificial Intelligence 95’ J.O. Kephart et al."

Similar presentations

Chapter 15 Computer Security Techniques

Chapter 15 Computer Security Techniques
Higher Computing Computer Systems S. McCrossan Higher Grade Computing Studies 8. Supporting Software 1 Software Compatibility Whether you are doing a fresh.

Higher Computing Computer Systems S. McCrossan Higher Grade Computing Studies 8. Supporting Software 1 Software Compatibility Whether you are doing a fresh.
September,2012 Managing Files and Folders 4/23/2015 Compiled By:- Solomon W. Demissie 1.

September,2012 Managing Files and Folders 4/23/2015 Compiled By:- Solomon W. Demissie 1.
COMP6005 An Introduction to Computing Session One: An Introduction to Computing Security Issues.

COMP6005 An Introduction to Computing Session One: An Introduction to Computing Security Issues.
Computer Viruses Theory and Experiments By Dr. Frederick B. Cohen Presented by Jose Andre Morales.

Computer Viruses Theory and Experiments By Dr. Frederick B. Cohen Presented by Jose Andre Morales.
1 Anti Virus vs virus System i-Specific Anti-Virus Product Ali ameen al said.

1 Anti Virus vs virus System i-Specific Anti-Virus Product Ali ameen al said.
ITMS- 3153 Information Systems Security 1. Malicious Code Malicious code or rogue program is the general name for unanticipated or undesired effects in.

ITMS Information Systems Security 1. Malicious Code Malicious code or rogue program is the general name for unanticipated or undesired effects in.
1 Pertemuan 05 Malicious Software Matakuliah: H0242 / Keamanan Jaringan Tahun: 2006 Versi: 1.

1 Pertemuan 05 Malicious Software Matakuliah: H0242 / Keamanan Jaringan Tahun: 2006 Versi: 1.
1 Computer Viruses (and other “Malicious Programs) Computer “Viruses” and related programs have the ability to replicate themselves on an ever increasing.

1 Computer Viruses (and other “Malicious Programs) Computer “Viruses” and related programs have the ability to replicate themselves on an ever increasing.
Guide to Operating System Security Chapter 2 Viruses, Worms, and Malicious Software.

Guide to Operating System Security Chapter 2 Viruses, Worms, and Malicious Software.
Anti Virus Techniques Jordan & Ryan Use of Checksum The Binary for key files is added up to a number especially in the boot files When these files are.

Anti Virus Techniques Jordan & Ryan Use of Checksum The Binary for key files is added up to a number especially in the boot files When these files are.
Summary Notes TERM TWO BASIC SEVEN 7 Prepared by Sir Lexis Oppong Prepared by Sir Lexis Oppong ACADEMIC YEAR 2013/2014 ACADEMIC YEAR 2013/2014.

Summary Notes TERM TWO BASIC SEVEN 7 Prepared by Sir Lexis Oppong Prepared by Sir Lexis Oppong ACADEMIC YEAR 2013/2014 ACADEMIC YEAR 2013/2014.
What is it, how does it work, and why is it important?

What is it, how does it work, and why is it important?
R. FRANK NIMS MIDDLE SCHOOL A BRIEF INTRODUCTION TO VIRUSES.

R. FRANK NIMS MIDDLE SCHOOL A BRIEF INTRODUCTION TO VIRUSES.
Automated malware classification based on network behavior

Automated malware classification based on network behavior
Henric Johnson1 Chapter 10 Malicious Software Henric Johnson Blekinge Institute of Technology, Sweden

Henric Johnson1 Chapter 10 Malicious Software Henric Johnson Blekinge Institute of Technology, Sweden
Video Following is a video of what can happen if you don’t update your security settings! security.

Video Following is a video of what can happen if you don’t update your security settings! security.
1 Chap 10 Malicious Software. 2 Viruses and ”Malicious Programs ” Computer “Viruses” and related programs have the ability to replicate themselves on.

1 Chap 10 Malicious Software. 2 Viruses and ”Malicious Programs ” Computer “Viruses” and related programs have the ability to replicate themselves on.
Intrusion Detection for Grid and Cloud Computing Author Kleber Vieira, Alexandre Schulter, Carlos Becker Westphall, and Carla Merkle Westphall Federal.

Intrusion Detection for Grid and Cloud Computing Author Kleber Vieira, Alexandre Schulter, Carlos Becker Westphall, and Carla Merkle Westphall Federal.
Computer Viruses Preetha Annamalai Niranjan Potnis.

Computer Viruses Preetha Annamalai Niranjan Potnis.

Similar presentations

Ads by Google