
Unknown Trojans Detection System Based On Artificial Immune Research And Realization

Posted on: 2010-05-02
Degree: Master
Type: Thesis
Country: China
Candidate: H M Zhang
GTID: 2208360275482999
Subject: Information and Communication Engineering
Abstract/Summary:
The Internet brings people great convenience, but the viruses, Trojans, hackers and other malicious programs that flood it cause huge economic losses. Surveys confirm that Trojans cause the most serious losses. Trojan detection has been the focus of network security. Solving scientific problems by drawing on the laws of nature is now a new approach. Traditional Trojan detection cannot detect Trojans in a self-learning and adaptive way. These defects of traditional Trojan detection are solved by borrowing from the biological immune system. This paper studies Trojan detection based on artificial immunity.

First, traditional Trojan detection techniques and the principles of the biological immune system are analyzed, along with the defects of traditional Trojan detection and the feasibility and significance of applying artificial immunity in a Trojan detection system. Some common artificial immune algorithms are introduced, such as the negative selection algorithm, the clonal selection algorithm and the dynamic clonal selection algorithm, and the features of these three algorithms are analyzed.

Second, a special non-self set is added, composed of special non-self antigens that are similar to self antigens. If an antibody matches a special non-self antigen, it does not need to be matched against the self antigens. The features of actual network behavior do not all have the same ability to characterize the behavior as a whole; if these features are treated equally, the detection rate falls and the false alarm rate rises. Different weights are therefore set for the different attribute fields when calculating antibody affinity.

Third, when a mature antibody has detected an antigen that is not a non-self antigen, the antibody is removed if its affinity is zero, and is mutated into a new immune antibody if its affinity is not zero. A portion of the memory antibodies that have not detected non-self antigens for a long time are selected and their affinity is calculated. If the affinity is zero, the memory antibody is mutated into a new immune antibody. If the affinity is not zero but small, the memory antibody becomes a mature antibody.

A Trojan detection system based on artificial immunity is designed and implemented. Experiments show that the system performs better than the traditional immune algorithms.
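
The second step of the abstract, worked as an added example that is not code from the thesis: per-field weighted affinity, and the rule that a candidate antibody matching a special non-self antigen skips the self check during negative selection. The field names, weights, threshold, equality-based matching and sample records are all assumptions made for illustration.

```python
# Added illustration: field names, weights, threshold and records are all
# constructed assumptions, not values from the thesis.
WEIGHTS = {"dst_port": 1, "proto": 1, "direction": 2, "periodic": 3, "entropy": 3}
THRESHOLD = 0.7  # assumed: weighted agreement needed for a "match"


def affinity(antibody, antigen, weights=WEIGHTS):
    """Weighted share of attribute fields on which the two records agree."""
    agreed = sum(w for field, w in weights.items() if antibody[field] == antigen[field])
    return agreed / sum(weights.values())


def matches(antibody, antigen, threshold=THRESHOLD):
    return affinity(antibody, antigen) >= threshold


def tolerize(candidates, self_set, special_nonself):
    """Negative selection with the special non-self shortcut.

    A candidate that matches a special non-self antigen is kept without being
    checked against self; every other candidate is dropped if it matches self.
    """
    mature = []
    for ab in candidates:
        if any(matches(ab, ag) for ag in special_nonself):
            mature.append(ab)
        elif not any(matches(ab, s) for s in self_set):
            mature.append(ab)
    return mature


def rec(dst_port, proto, direction, periodic, entropy):
    return dict(dst_port=dst_port, proto=proto, direction=direction,
                periodic=periodic, entropy=entropy)


# Constructed sample behaviour records.
SELF = [rec(443, "tcp", "out", False, "low")]     # ordinary browsing
SPECIAL = [rec(443, "tcp", "out", True, "high")]  # Trojan traffic resembling self
NEAR = rec(443, "tcp", "out", True, "low")        # affinity 0.7 to SELF and SPECIAL
CLONE = rec(443, "tcp", "out", False, "low")      # identical to self
FAR = rec(6000, "udp", "in", True, "high")        # unlike self
CANDIDATES = [NEAR, CLONE, FAR]

if __name__ == "__main__":
    print("plain negative selection:", tolerize(CANDIDATES, SELF, []))
    print("with special non-self set:", tolerize(CANDIDATES, SELF, SPECIAL))
```

With an empty special non-self set the `NEAR` detector is discarded because it matches self, so Trojan traffic that resembles normal traffic loses its closest detector; with the set present it survives.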
Keywords/Search Tags:artificial immune, Trojan detection, leak, affinity, negative selection