Study Of Worm Detection And Response Based On Artificial Immune System

The computer worms, a type of self-propogating malicious code represents a significant threat in recent times as the ablility of these programs to spread and infect systems has increased dramatically. Under such a constantly hostile environment, the traditional manual patching approach to protecting system is clearly not effective. However, current automated detection and response approach has a number of significant hurdles to overcome. One of the most noteworthy obstacle is the high false positive error problem. The objective of this paper is to propose a solution to this problem by building an automated worm detection and response system based on the Artificial Immune System (AIS), and to discuss many properties of AIS, including memory, error tolerance, dynamic learning, adaptation and diversity, which impact the robustness and false positive of the detection system.Firstly, a common architecture of AIS is described. In this section, the immunological conception will be briefly introduced in necessity, and the equivalent biological mechanisms that inpired the model shall be described in detail, including the definition of the immune problem, detectors and their training, memory, sensitivity, costimulation, detector's lifecycle, representations and response.Secondly, a novel AIS model for worm detection and response is proposed: the T cell based cooperative automated worm detection and response system, that adopts numerous mechanisms inspired from the differentiation states of T cells. In this section, the overall architecture and components of the AIS that adopts T cell inspired mechanisms is described in detail, and it is illustrated how this strategy facilitating the detection and response system with T cell immunity and tolerance. Consequently, the design and implementation of the previously mentioned worm detection and response system simulation on the Network Simulator is presented. The end part of this section analyzes the results of the simulation experiment, and assesses the impact of regulating false positive error for the worm detection and response system by T cell immunity and tolerance.At last, the paper concludes with details of future work and other technology that may facilitate current application.