
Research On The Worm Detection Technology Based On Artificial Immune

Posted on: 2016-05-22
Degree: Master
Type: Thesis
Country: China
Candidate: Y Zhang
GTID: 2348330536467389
Subject: Information and Communication Engineering
Abstract/Summary:
As network technology progresses rapidly, security issues have become obtrusive at the same time, and many malicious programs pose huge threats to users. The worm, with its high transmission speed and huge damage, attracts wide attention. Traditional detection methods include signature verification and feature library comparison, but these static tests struggle to cope with changeable malicious programs because they lack flexibility. The artificial immune algorithm has an outstanding performance in the field of anomaly detection, while the dendritic cell algorithm (DCA) has obvious advantages in terms of real-time detection. Centered on the DCA algorithm, this article improves the algorithm for intrusion detection and dynamic calls, and makes judgments by monitoring dynamic behaviors. The experimental results show that, compared with the feature library comparison method (not by DCA algorithm), the DCA algorithm reduces the false detection rate; compared with the traditional DCA algorithm, the improved DCA algorithm improves the detection rate. The worm detection software's detection rate is 92.5% and its error detection rate is 6.7%. It has reached the expected goal. This paper's main work and achievements are as follows:

1. Research on worms' behaviors. First, the definition of the worm, its functional structure and its propagation models are introduced. Then methods for extracting worms' behavior features are introduced. This article selects 10 typical worms as analysis objects, then uses the basic knowledge of data mining and analyzes WinAPIOverride32's monitoring results, and finally extracts typical behavior characteristics of the worm.

2. Study on the improvement of the DCA algorithm and its validation for intrusion detection. For the intrusion detection dataset KDD and the characteristics of the smurf attack, this paper improves and implements the DCA algorithm using MATLAB programming, then validates the effectiveness of the algorithm using the UCI data sets and the KDD intrusion detection data set. The experimental results show that the detection rate of the DCA algorithm reaches 98.19%. Thus, the DCA algorithm is suitable for binary classification data and the intrusion detection field.

3. Research on dynamic detection and system implementation based on the DCA algorithm. This paper adopts a scoring system according to the characteristics of the DCA algorithm and changes to a secondary rendering comparison so as to judge processes' attributes. The system implementation process includes data collection, analysis, calculation and result processing. Data acquisition uses driver-layer programming and monitors the behaviors of running processes in real time. Analysis and calculation are a practical application of the improved DCA algorithm. Finally, through the worm detection experiment, the detection rate and false detection rate are compared among the improved DCA algorithm (secondary rendered), the feature library comparison method (not by DCA algorithm) and the traditional DCA algorithm (one-time rendered).
Keywords/Search Tags:Worms, DCA algorithm, Dynamic analysis of API calls, Artificial immune algorithm