The Research Of Computer Virus Detection Based On Computer Immunology

With the rapid development of information technology, especially of Internet, computer viruses today tend to spread more quickly and widely, the threat of computer viruses to computer security becomes more and more outstanding. But meanwhile, the traditional virus detection technologies seem weak and passive before the viruses . The principle used by immune system to protect body successfully from invasions provides an important hint for the investigation of computer security. From the viewpoint of information-processing,immune system is in fact a compelling example of massively parallel information-processing system. It has some good characteristics of being distributed, adaptive, robust ,which computer security systems today do not bear. The successful defense of biological immune system against biological viruses show us a good example to build "computer virus immune system"(CVIS). Based on a research of computer virus detection technology and existing CVIS, this thesis extends anomaly detection method and points out that the stable attributes of the process can differentiate between normal and abnormal programs. A virus detection method based on immune principles is proposed accordingly. The experiment of the method shows it is a good solution to unknown viruses detection. A model of detectors of multiple kinds is constructed according to the process detection method. Finally, a virus detection scheme based on the immune detection model is proposed, in which a distributed structure of multiple cooperating nodes is adopted to detect and defense viruses. Specifically, the contribution of the thesis includes as follows: Analyzing computer virus and present virus detection technologies. Explaining and analyzing the main principle of computer immunology and its application in computer security. Analyzing present computer virus immune systems. Proposing a method of define "self"from dynamic attributes of process and design a detector model based on immune principle from the definition. Experimenting on the immune virus detecting method. Proposing a virus detection scheme based on immunology principles.