2. ARTIFICIAL IMMUNE SYSTEM
Introduction
Immune system
Artificial immune system (AIS)
Virus
Negative selection Model
Different Models
Hetero Associative Model
3. INTRODUCTION
The threats and intrusions in IT systems can basically be
compared to human diseases, with the difference that the
human body has an effective way to deal with them, which still
needs to be designed for IT systems. The human immune
system (HIS) can detect and defend against yet unseen
intruders and is distributed, adaptive and multilayered, to name
only a few of its features. Our immune system incorporates a
powerful and diverse set of characteristics which are very
interesting to use in AIS.
“The Immune System is a complex adaptive system of cells
and molecules, distributed throughout our body, that provide
us with a basic defense against pathogenic organisms”
4. A GENTLE INTRODUCTION TO THE IMMUNE
SYSTEM
What problem is it that the IS solves?
The IS uses distributed detection to solve the problem
of distinguishing between self and nonself, which are
elements of the body, and foreign elements respectively
(actually, the success of the IS is more dependent on its
ability to distinguish between harmful nonself, and
everything else).
Why is this a hard problem?
Because there are so many patterns in nonself, on the
order of 10^16, that have to be distinguished from 10^6 self
patterns; because the environment is highly distributed;
because the body must continue to function all the time.
5. HOW DOES THE IS SOLVE THIS PROBLEM?
Most elementary is the skin, which is the first barrier to
infection. Another barrier is physiological, where conditions
such as pH and temperature provide inappropriate living
conditions for foreign organisms. Once pathogens have entered
the body, they are dealt with by the innate IS and by the
acquired immune response system.
6.
Through a process called affinity maturation, which is essentially a
Darwinian process of variation and selection. Affinity maturation
involves a subset of lymphocytes, B-cells.
When a B-cell is activated (its affinity threshold is exceeded) by
binding to pathogens, it does two things.
1. Firstly, it secretes a soluble form of its receptors, called antibodies,
which bind to pathogens and inactivate them, or identify them to
phagocytes and other innate system defenses, which allows the innate
system to eliminate them.
2. Secondly, the B-cell clones itself, but the copies produced by this
cloning are not perfect. Cloning is subject to very high mutation
rates, called somatic hypermutation, which can result in daughter
cells that have somewhat different receptors from the parent.
7. AIS
Artificial Immune Systems (AIS) is a branch of
biologically inspired computation focusing on
many aspects of immune systems. AIS
development can be seen as having two target
domains: the provision of solutions to
engineering problems through the adoption of
immune system inspired concepts; and the
provision of models and simulations with which
to study immune system theories.
8. WHY ENGINEERS ARE ATTRACTED TO
THE IMMUNE SYSTEM
[1]
1) Distribution and self-organization
2) Learning, adaption, and memory
3) Pattern recognition
4) Classification
9. VIRUS
The world has become a more interconnected place. Electronic
communication, e-commerce, network services, and the Internet
have become vital components of business strategies,
government operations, and private communications. The
number of computer viruses has been increasing exponentially
from their first appearance in 1986 to over 55 000 different
strains identified today. Viruses were once spread by sharing
disks; now, global connectivity allows malicious code to spread
farther and faster. Similarly, computer misuse through network
intrusion is on the rise. Applying immune mechanisms to
computer security has developed into a new field, attracting
many researchers. Forrest applied immune theory to
computer abnormality detection for the first time in
1994. Since then, many researchers have proposed various
different malware detection models and achieved some success.
10. DIFFERENT MODELS TO DETECT THE
VIRUS
Negative selection model
Partial matching rule
Anomaly detection model
Self & Non-self model
A Hierarchical Artificial Immune Model
Agent based algorithm
18.
initializeAgent() {
    Receive agent from server
    Load it into the target machine
    Agent()
}

Agent() {
    // Scan memory with the help of the agent for known malware
    for each process in memory {
        signature = extractSignature(processID)
        // Check the process against the "self" & "non-self" database entries
        if process is in "non-self" database {
            status = PreventiveAction(processID, signature)
        }
    }
    // after assurance that all processes in memory are "self"
    while agentAge < criticalAge {
        Monitor all processes loaded in memory
        if loaded process is not self {
            // Run the agent to scan whether it is a known malware
            if yes, terminate process and update log file
            else status = PreventiveAction(processID, signature)
        }
    }
}
20. CODE TO DETECT THE VIRAL CODE &
LEGAL CODE
let Ni = Legal_code
let Nj = pseudo_code
let No = Viral_code
// create a training set comprised of self patterns
// initially Ni != Nj and Ni != No
for (i = 0; i < 10; i++)
    for (j = 0; j <= 10; j++)
        // use the sliding window principle
        if Ni matches Nj and Ni mismatches No
        then Nj = legal code and No = viral code
end
21. USING BAM ALGORITHM DETECT THE
VIRAL CODE
Let A1 be the legal code & B1 be the pseudo code
A1 = (100001)
B1 = (11000)
A2 = (011000)
B2 = (10100)
A3 = (001011)
B3 = (01110)
Converting these to bipolar form:
X1 = (1 -1 -1 -1 -1 1)
Y1 = (1 1 -1 -1 -1)
X2 = (-1 1 1 -1 -1 -1)
Y2 = (1 -1 1 -1 -1)
X3 = (-1 -1 1 -1 1 1)
Y3 = (-1 1 1 1 -1)
Calculate the correlation matrix:
M = X1^T Y1 + X2^T Y2 + X3^T Y3
24. CONTINUE
β' = (-1 1 1 1 -1)
β'M^T = [-5 -5 5 -3 7 5]
φ(β'M^T) = [-1 -1 1 -1 1 1] = α'
α'M = (-1 -1 1 -1 1 1)(M) = (-6 6 6 6 -6)
φ(α'M) = (-1 1 1 1 -1) = β'' = β'
If β' = β'', then legal code = pseudo code, so the pseudo code is
the legal code.
If β' ≠ β'', then legal code ≠ pseudo code, so the pseudo code is
the viral code.
So here we conclude that B1 is a legal code.
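The round-trip test of slides 21 to 24, worked in Python as an added example (not code from the original slides). It uses the three pattern pairs given above; the probes 11111 and 01010, the +1 tie-break on the first pass, and the stricter check classify_strict are assumptions of this example.

```python
# Added example, not from the original slides: the BAM round-trip test of
# slides 21-24, using the three pattern pairs given there.
A = ["100001", "011000", "001011"]   # legal-code patterns A1..A3 (from the slides)
B = ["11000", "10100", "01110"]      # pseudo-code patterns B1..B3 (from the slides)

def bipolar(bits):
    """Binary string -> bipolar list (0 -> -1, 1 -> +1)."""
    return [1 if c == "1" else -1 for c in bits]

def correlation_matrix(xs, ys):
    """M = sum over k of X_k^T Y_k, as a len(X) x len(Y) list of rows."""
    return [[sum(x[i] * y[j] for x, y in zip(xs, ys))
             for j in range(len(ys[0]))] for i in range(len(xs[0]))]

def phi(values, previous):
    """Threshold: sign of each component; a zero sum keeps the old state."""
    return [1 if v > 0 else -1 if v < 0 else p for v, p in zip(values, previous)]

def round_trip(M, beta):
    """beta' -> alpha' = phi(beta' M^T) -> beta'' = phi(alpha' M)."""
    rows, cols = len(M), len(M[0])
    alpha = phi([sum(M[i][j] * beta[j] for j in range(cols)) for i in range(rows)],
                [1] * rows)  # assumed tie-break for the first pass: +1
    beta2 = phi([sum(alpha[i] * M[i][j] for i in range(rows)) for j in range(cols)],
                beta)
    return alpha, beta2

XS = [bipolar(a) for a in A]
YS = [bipolar(b) for b in B]
M = correlation_matrix(XS, YS)

def classify(bits):
    """The slides' rule: beta' == beta'' means legal code, otherwise viral code."""
    beta = bipolar(bits)
    _, beta2 = round_trip(M, beta)
    return "legal" if beta2 == beta else "viral"

def classify_strict(bits):
    """Stricter variant (an assumption of this example): the fixed point must
    also be one of the stored (X_k, Y_k) pairs, which rejects spurious states."""
    beta = bipolar(bits)
    alpha, beta2 = round_trip(M, beta)
    return "legal" if beta2 == beta and (alpha, beta) in zip(XS, YS) else "viral"

if __name__ == "__main__":
    for probe in B + ["11111", "01010"]:   # last two are constructed probes
        print(probe, classify(probe), classify_strict(probe))
```

The constructed probe 01010 is not one of the stored patterns, yet it is also a fixed point of this M, so the β' = β'' rule alone accepts it. Checking the recalled pair against the stored pairs, as classify_strict does, rejects it.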
25. CONCLUSION
We have described a novel AIS-based method
to overcome shortcomings in traditional AIS
models.
The BAM model is the easiest way to detect viruses,
missing letters & errors.