AIS

Artificial Immune System for Computer Security Presenting by NAME - Sweta leena panda

description

MY OWN WORK !

Transcript of AIS

Page 1: AIS

Artificial Immune System for Computer Security

Presented by: Sweta leena panda

Page 2: AIS

ARTIFICIAL IMMUNE SYSTEM

Introduction
Immune system
Artificial immune system (AIS)
Virus
Negative selection Model
Different Models
Hetero Associative Model

Page 3: AIS

INTRODUCTION

The threats and intrusions in IT systems can basically be compared to human diseases, with the difference that the human body has an effective way to deal with them, which still needs to be designed for IT systems. The human immune system (HIS) can detect and defend against previously unseen intruders and is distributed, adaptive and multilayered, to name only a few of its features. Our immune system incorporates a powerful and diverse set of characteristics that are very interesting to use in AIS.

“The Immune System is a complex adaptive system of cells and molecules, distributed throughout our body, that provide us with a basic defense against pathogenic organisms”

Page 4: AIS

What problem is it that the IS solves?

The IS uses distributed detection to solve the problem of distinguishing between self and nonself, which are elements of the body and foreign elements respectively (actually, the success of the IS is more dependent on its ability to distinguish between harmful nonself and everything else).

Why is this a hard problem?

because there are so many patterns in nonself, on the order of 10^16, that have to be distinguished from 10^6 self patterns;

because the environment is highly distributed;

because the body must continue to function all the time.

A GENTLE INTRODUCTION TO THE IMMUNE SYSTEM

Page 5: AIS

HOW DOES THE IS SOLVE THIS PROBLEM?

Most elementary is the skin, which is the first barrier to infection. Another barrier is physiological, where conditions such as pH and temperature provide inappropriate living conditions for foreign organisms. Once pathogens have entered the body, they are dealt with by the innate IS and by the acquired immune response system.

Page 6: AIS

Through a process called affinity maturation, which is essentially a Darwinian process of variation and selection. Affinity maturation involves a subset of lymphocytes, B-cells.

When a B-cell is activated (its affinity threshold is exceeded) by binding to pathogens, it does two things.

1. Firstly, it secretes a soluble form of its receptors, called antibodies, which bind to pathogens and inactivate them, or identify them to phagocytes and other innate system defenses, which allows the innate system to eliminate them.

2. Secondly, the B-cell clones itself, but the copies produced by this cloning are not perfect. Cloning is subject to very high mutation rates, called somatic hypermutation, which can result in daughter cells that have somewhat different receptors from the parent.

Page 7: AIS

AIS

Artificial Immune Systems (AIS) is a branch of biologically inspired computation focusing on many aspects of immune systems. AIS development can be seen as having two target domains: the provision of solutions to engineering problems through the adoption of immune system inspired concepts; and the provision of models and simulations with which to study immune system theories.

Page 8: AIS

WHY ENGINEERS ARE ATTRACTED TO THE IMMUNE SYSTEM

1) Distribution and self-organization

2) Learning, adaptation, and memory

3) Pattern recognition

4) Classification

[1]

Page 9: AIS

VIRUS

The world has become a more interconnected place. Electronic communication, e-commerce, network services, and the Internet have become vital components of business strategies, government operations, and private communications. The number of computer viruses has been increasing exponentially, from their first appearance in 1986 to over 55 000 different strains identified today. Viruses were once spread by sharing disks; now, global connectivity allows malicious code to spread farther and faster. Similarly, computer misuse through network intrusion is on the rise. Applying immune mechanisms to computer security has developed into a new field, attracting many researchers. Forrest applied immune theory to computer abnormality detection for the first time in 1994. Since then, many researchers have proposed various malware detection models and achieved some success.

Page 10: AIS

DIFFERENT MODELS TO DETECT THE VIRUS

Negative selection model
Partial matching rule
Anomaly detection model
Self & Non-self model
A Hierarchical Artificial Immune Model
Agent based algorithm

Page 11: AIS

NEGATIVE SELECTION MODEL

Page 12: AIS

NEGATIVE SELECTION

Page 13: AIS

PARTIAL MATCHING RULE

Page 14: AIS

ANOMALY DETECTION MODEL

Page 15: AIS

SELF & NON-SELF MATCHING

Page 16: AIS
Page 17: AIS

AGENT BASED ALGORITHM

Page 18: AIS

initializeAgent() {
    Receive agent from server
    Load it into the target machine
    Agent()
}

Agent() {
    // Scan memory with the help of the agent for known malware
    for each process in memory {
        signature = extractSignature(processID)
        Scan memory for processes according to "self" & "non-self" database entries
        if process is in "non-self" database {
            status = PreventiveAction(processID, signature)
        }
    }
    // after assurance that all processes in memory are "self"
    while agentAge < criticalAge {
        Monitor all processes loaded in memory
        if loaded process not self {
            Run Agent to scan
            if a known malware {
                terminate process and update log file
            } else {
                status = PreventiveAction(processID, signature)
            }
        }
    }
}

Page 19: AIS

HETERO ASSOCIATIVE MODEL (BAM MODEL)

Page 20: AIS

CODE TO DETECT THE VIRAL CODE & LEGAL CODE

let Ni = Legal_code
let Nj = pseudo_code
let No = Viral_code
creating a training set comprised of self patterns
initially Ni != Nj & Ni != No
for (i = 0; i < 10; i++)
    for (j = 0; j <= 10; j++)
        use sliding window principle
        if Ni matches Nj & Ni mismatches No
        then Nj = legal code & No = viral code
end

Page 21: AIS

USING THE BAM ALGORITHM TO DETECT THE VIRAL CODE

Let A1 = legal code and B1 = pseudo code.

$$A_1 = (1, 0, 0, 0, 0, 1) \qquad B_1 = (1, 1, 0, 0, 0)$$

$$A_2 = (0, 1, 1, 0, 0, 0) \qquad B_2 = (1, 0, 1, 0, 0)$$

$$A_3 = (0, 0, 1, 0, 1, 1) \qquad B_3 = (0, 1, 1, 1, 0)$$

Converting these to bipolar form:

$$X_1 = (1, -1, -1, -1, -1, 1) \qquad Y_1 = (1, 1, -1, -1, -1)$$

$$X_2 = (-1, 1, 1, -1, -1, -1) \qquad Y_2 = (1, -1, 1, -1, -1)$$

$$X_3 = (-1, -1, 1, -1, 1, 1) \qquad Y_3 = (-1, 1, 1, 1, -1)$$

Calculate the correlation matrix:

$$M = X_1^T Y_1 + X_2^T Y_2 + X_3^T Y_3$$

Page 22: AIS

$$M = \begin{pmatrix} 1 & 1 & -3 & -1 & 1 \\ 1 & -3 & 1 & -1 & 1 \\ -1 & -1 & 3 & 1 & -1 \\ -1 & -1 & -1 & 1 & 3 \\ -3 & 1 & 1 & 3 & 1 \\ -1 & 3 & -1 & 1 & -1 \end{pmatrix}$$

Page 23: AIS

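Let us suppose that we start with $\alpha = X_3$:

$$\alpha M = (-1, -1, 1, -1, 1, 1) \begin{pmatrix} 1 & 1 & -3 & -1 & 1 \\ 1 & -3 & 1 & -1 & 1 \\ -1 & -1 & 3 & 1 & -1 \\ -1 & -1 & -1 & 1 & 3 \\ -3 & 1 & 1 & 3 & 1 \\ -1 & 3 & -1 & 1 & -1 \end{pmatrix} = (-6, 6, 6, 6, -6)$$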

Page 24: AIS

CONTINUE

$$\beta' = (-1, 1, 1, 1, -1)$$

$$\beta' M^T = (-5, -5, 5, -3, 7, 5)$$

$$\phi(\beta' M^T) = (-1, -1, 1, -1, 1, 1) = \alpha'$$

$$\alpha' M = (-1, -1, 1, -1, 1, 1)\, M = (-6, 6, 6, 6, -6)$$

$$\phi(\alpha' M) = (-1, 1, 1, 1, -1) = \beta'' = \beta'$$

If $\beta' = \beta''$ then legal code = pseudo code, so the pseudo code is the legal code.

If $\beta' \neq \beta''$ then legal code ≠ pseudo code, so the pseudo code is the viral code.

So here we conclude that B1 is a legal code.
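
The recall walked through on pages 21 to 24, as an added Python example (not code from the slides): it rebuilds M from the three pairs, repeats the α → β → α passes until β′ = β″, and additionally checks whether the settled pair is one of the trained pairs, because a BAM also settles on the complement of a stored pair. The function names, the zero-sum tie rule and the complement input are assumptions of this example.

```python
# Added example (not from the slides): BAM recall on the slides' three pattern pairs.
A = ["100001", "011000", "001011"]  # A1..A3 from the slides
B = ["11000", "10100", "01110"]     # B1..B3 from the slides

def to_bipolar(bits):
    """Map a 0/1 string to a bipolar (-1/+1) vector."""
    return [1 if b == "1" else -1 for b in bits]

def build_matrix(xs, ys):
    """Correlation matrix M = sum_k X_k^T Y_k, len(X) rows by len(Y) columns."""
    return [[sum(x[i] * y[j] for x, y in zip(xs, ys))
             for j in range(len(ys[0]))] for i in range(len(xs[0]))]

def forward(alpha, M):
    """Raw sums alpha * M (one value per Y unit)."""
    return [sum(a * row[j] for a, row in zip(alpha, M)) for j in range(len(M[0]))]

def backward(beta, M):
    """Raw sums beta * M^T (one value per X unit)."""
    return [sum(b * m for b, m in zip(beta, row)) for row in M]

def threshold(sums, previous):
    """Bipolar threshold. Assumption: a zero sum keeps the unit's previous state."""
    return [1 if s > 0 else -1 if s < 0 else p for s, p in zip(sums, previous)]

def recall(alpha, M, max_rounds=20):
    """Alternate alpha -> beta -> alpha until beta repeats (beta' == beta'')."""
    beta = threshold(forward(alpha, M), [-1] * len(M[0]))
    for _ in range(max_rounds):
        alpha = threshold(backward(beta, M), alpha)
        new_beta = threshold(forward(alpha, M), beta)
        if new_beta == beta:
            return alpha, beta, True
        beta = new_beta
    return alpha, beta, False

X = [to_bipolar(a) for a in A]
Y = [to_bipolar(b) for b in B]
M = build_matrix(X, Y)

def is_stored_pair(alpha, beta):
    """Extra check added here: is the settled pair one of the trained (X_k, Y_k)?"""
    return (alpha, beta) in list(zip(X, Y))

if __name__ == "__main__":
    print(recall(X[2], M))                  # trained input X3, as on the slides
    unseen = [-v for v in X[2]]             # constructed input: complement of X3
    a, b, stable = recall(unseen, M)
    print(stable, is_stored_pair(a, b))
```

The complement input satisfies β′ = β″ on the first round trip even though it was never trained, so the stability test alone does not tell a stored pattern from its complement.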

Page 25: AIS

CONCLUSION

We have described a novel AIS-based method to overcome shortcomings in traditional AIS models.

The BAM model is the easiest way to detect viruses, missing letters and errors.