A Computer Virus Detecting Model based on Artificial Immune and Key Code

ABSTRACT

Existing antivirus technology depends on extracting signatures. They are inefficient on detecting diverse forms of computer viruses, especially new variants and unknown viruses. Inspired by biological immune system, a virus detection model based on artificial immune and key-signatures extraction is proposed. This model adopt TF-IDF Algorithm to extract virus ODNS from virus DNA parts on code level, and on gene level these virus ODNs are matched by slither window to form virus candidate gene library and normal candidate gene library; then distinguish these gene through negative selection algorithm to generate a detecting virus gene library; Last on the testing procedure level, use a cosine similarity algorithm to estimate the testing procedure relevant to virus. To identify most of new variants and camouflage viruses， virus polymorphism is considered. Different unsteady length genes compose a virus, and a r-adjustable match rule based on RCB r-chunks is adopted to extract virus detecting library, which can mostly present virus signatures. In order to make full use of effective information and fully taking the advantages of relevance between virus genes, in procedure phase, suspicious programs are analyzed in contrast to the detecting gene matching technique, which leads to a fairly level false and positive rate.

Keywords:

Artificial immune, cosine similarity algorithm, feature extraction, successive matching, TF-IDF algorithm.