15 research outputs found

    Artificial Immune Clonal Selection Classification Algorithms for Classifying Malware and Benign Processes Using API Call Sequences

    Machine learning is an important field of artificial intelligence in which models are generated by extracting rules and functions from large datasets. Machine learning includes a diversity of methods and algorithms such as decision trees, lazy learning, k-nearest neighbors, Bayesian methods, Gaussian processes, artificial neural networks, support vector machines, kernel algorithms, and artificial immune systems (AIS). AIS are computation tools that emulate processes and mechanisms of the biological immune system. AIS use the learning, memory, and optimization capabilities of the immune system to develop computational algorithms for function optimization, pattern recognition, novelty detection, process control, and classification. There are four main subfields of research that have emerged in AIS centered on prominent immunological theories: negative selection algorithms, immune network algorithms, danger theory algorithms, and clonal selection algorithms. In this paper, we will analyze the API call sequence of a process to classify it as benign or malicious. We have collected API call traces of real malware and benign processes running on the Windows operating system. We will employ eight commonly used clonal selection algorithms: AIRS1, AIRS2, AIRS2 Parallel, CLONALG, CSCA, IMMUNOS-1, IMMUNOS-81, and IMMUNOS-99. We evaluate the accuracy of these algorithms for classifying between malware and benign processes using API call sequences.

    Adaptive artificial immune networks for mitigating DoS flooding attacks

    Denial of service attacks pose a threat in constant growth. This is mainly due to their tendency to gain in sophistication, ease of implementation, obfuscation and the recent improvements in occultation of fingerprints. On the other hand, progress towards self-organizing networks, and the different techniques involved in their development, such as software-defined networking, network-function virtualization, artificial intelligence or cloud computing, facilitates the design of new defensive strategies, more complete, consistent and able to adapt the defensive deployment to the current status of the network. In order to contribute to their development, in this paper, the use of artificial immune systems to mitigate denial of service attacks is proposed. The approach is based on building networks of distributed sensors suited to the requirements of the monitored environment. These components are capable of identifying threats and reacting according to the behavior of the biological defense mechanisms in human beings. It is accomplished by emulating the different immune reactions, the establishment of quarantine areas and the construction of immune memory. For their assessment, experiments with public domain datasets (KDD’99, CAIDA’07 and CAIDA’08) and simulations on various network configurations based on traffic samples gathered by the University Complutense of Madrid and flooding attacks generated by the tool DDoSIM were performed.

    Depto. de Ingeniería de Software e Inteligencia Artificial (ISIA), Fac. de Informática