Immune based computer virus detection approaches

The computer virus is considered one of the most horrifying threats to the security of computer systems worldwide.The rapid development of evasion techniques used in virus causes the signature based computer virus detection techniques to be ineffective.Many novel computer virus detection approaches have been proposed in the past to cope with the ineffectiveness,mainly classified into three categories: static,dynamic and heuristics techniques.As the natural similarities between the biological immune system(BIS),computer security system(CSS),and the artificial immune system(AIS) were all developed as a new prototype in the community of anti-virus research.The immune mechanisms in the BIS provide the opportunities to construct computer virus detection models that are robust and adaptive with the ability to detect unseen viruses.In this paper,a variety of classic computer virus detection approaches were introduced and reviewed based on the background knowledge of the computer virus history.Next,a variety of immune based computer virus detection approaches were also discussed in detail.Promising experimental results suggest that the immune based computer virus detection approaches were able to detect new variants and unseen viruses at lower false positive rates,which have paved a new way for the anti-virus research.     

A negative selection algorithm based on hierarchical clustering of self set

Negative selection algorithm(NSA) is an important method of generating artificial immune detectors.However,the traditional NSAs aim at eliminating the self-recognized invalid detectors,by matching candidate detectors with the whole self set.The matching process results in extremely low generation efficiency and significantly limits the application of NSAs.In this paper,an improved NSA called CB-RNSA,which is based on the hierarchical clustering of self set,is proposed.In CB-RNSA,the self data is first preprocessed by hierarchical clustering,and then replaced by the self cluster centers to match with candidate detectors in order to reduce the distance calculation cost.During the detector generation process,the candidate detectors are restricted to the lower coverage space to reduce the detector redundancy.In the paper,probabilistic analysis is performed on non-self coverage of detectors.Accordingly,termination condition of the detector generation procedure in CB-RNSA is given.It is more reasonable than that of traditional NSAs,which are based on predefined detector numbers.The theoretical analysis shows the time complexity of CB-RNSA is irrelevant to the self set size.Therefore,the difficult problem,in which the detector training cost is exponentially related to the size of self set in traditional NSAs,is resolved,and the efficiency of the detector generation under a big self set is also improved.The experimental results show that:under the same data set and expected coverage,the detection rate of CB-RNSA is higher than that of the classic RNSA and V-detector algorithms by 12.3% and 7.4% respectively.Moreover,the false alarm rate is lower by 8.5% and 4.9% respectively,and the time cost of CB-RNSA is lower by 67.6% and 75.7% respectively.     

Analysis of the virtual enterprise partner selection based on multi-agent system

Today, virtual enterprise is regarded as the most competitive management model of enterprises that faces the resource of the globe. This paper proposed an instructor of remote manufacturing system supporting dynamic alliance for virtual enterprises with the multi-agent technology to solve the problem of partner enterprise selection. Grounding on the virtual enterprise＇s cooperation framework, a model was given and in which we analyze the collaboration relation among different agents. The negotiation model will reduce the time and improve the efficiency of negotiation, so the appropriate partner can be selected in a short time.     

An immune-theory-based model for monitoring inter-domain routing system

The inter-domain routing system faces many serious security threats because the border gateway protocol(BGP) lacks effective security mechanisms.However,there is no solution that satisfies the requirements of a real environment.To address this problem,we propose a new model based on immune theory to monitor the inter-domain routing system.We introduce the dynamic evolution models for the "self" and detection cells,and construct washout and update mechanisms for the memory detection cells.Furthermore,borrowing an idea from immune network theory,we present a new coordinative method to identify anomalous nodes in the inter-domain routing system.In this way,the more nodes working with their own information that join the coordinative network,the greater is the ability of the system to identify anomalous nodes through evaluation between nodes.Because it is not necessary to modify the BGP,the ITMM is easy to deploy and inexpensive to implement.The experimental results confirm the method’s ability to detect abnormal routes and identify anomalous nodes in the inter-domain routing system.     

Pick sequencing optimization problem in the rotary rack S／R system

The problem of pick sequencing in the rotary, rack S/R system (PPS-RRS) is investigated with the objective of mininizing the execution rime. The rotary rack S/R system consists of one S/R machine and multiple levels of carousals that can rotate independently in bi-directions. The routing policy, namely the decision on the storage or retrieval sequence, donfinates the efficiency and the throughput for such S/R systems, due to the complicated relationship between all levels of carousels and the S/R machine. For the purpose of optimizing the PPS-RRS, a computational model is developed in temps of execution time for picking multiple items in one trip. Characteristics of the PPS-RRS are analyzed and a local search heuristic based on a newly proposed neighborhood is presented. Integrated with the proposed local search procedure a new hybrid genetic algorithm is developed. Experimental results demonstrate the structure characteristics of good sequence and the efficiency and effectiveness of the proposed sequencing algorithms.     

Developing a multi-objective,multi-item inventory model and three algorithms for its solution

We develop a multi-objective model in a multi-product inventory system.The proposed model is a joint replenishment problem(JRP) that has two objective functions.The first one is minimization of total ordering and inventory holding costs,which is the same objective function as the classic JRP.To increase the applicability of the proposed model,we suppose that transportation cost is independent of time,is not a part of holding cost,and is calculated based on the maximum of stored inventory,as is the case in many real inventory problems.Thus,the second objective function is minimization of total transportation cost.To solve this problem three efficient algorithms are proposed.First,the RAND algorithm,called the best heuristic algorithm for solving the JRP,is modified to be applicable for the proposed problem.A multi-objective genetic algorithm(MOGA) is developed as the second algorithm to solve the problem.Finally,the model is solved by a new algorithm that is a combination of the RAND algorithm and MOGA.The performances of these algorithms are then compared with those of the previous approaches and with each other,and the findings imply their ability in finding Pareto optimal solutions to 3200 randomly produced problems.     

Dynamic task scheduling modeling in unstructured heterogeneous multiprocessor systems

An algorithm is proposed for scheduling dependent tasks in time-varying heterogeneous multiprocessor systems, in which computational power and links between processors are allowed to change over time. Link contention is considered in the multiprocessor scheduling problem. A linear switching-state space-modeling paradigm is introduced to enable theoretical analysis from a system engineering perspective. Theoretical analysis of this model shows its robustness against changes in processing power and link failure. The proposed algorithm uses a fuzzy decision-making procedure to handle changes in the multiprocessor system. The efficiency of the proposed algorithm is illustrated by several random experiments and comparison against a recent benchmark approach. The results show up to 18% average improvement in makespan, especially for larger scale systems.     

New results on discrete-time delay systems identification

A new approach for simultaneous online identification of unknown time delay and dynamic parameters of discrete-time delay systems is proposed in this paper.The proposed algorithm involves constructing a new generalized regression vector and defining the time delay and the rational dynamic parameters in the same vector.The gradient algorithm is used to deal with the identification problem.The effectiveness of this method is illustrated through simulation.     

Robust sparse principal component analysis

The model for improving the robustness of sparse principal component analysis（PCA） is proposed in this paper. Instead of the l2-norm variance utilized in the conventional sparse PCA model,the proposed model maximizes the l1-norm variance,which is less sensitive to noise and outlier. To ensure sparsity,lp-norm（0 p 1） constraint,which is more general and effective than l1-norm,is considered. A simple yet efficient algorithm is developed against the proposed model. The complexity of the algorithm approximately linearly increases with both of the size and the dimensionality of the given data,which is comparable to or better than the current sparse PCA methods. The proposed algorithm is also proved to converge to a reasonable local optimum of the model. The efficiency and robustness of the algorithm is verified by a series of experiments on both synthetic and digit number image data.     

一种基于免疫原理的动态入侵检测模型

根据生物免疫原理，提出了一个新的动态入侵检测模型，并对模型的体系结构作了详细的描述，包括自体的演化、动态耐受和动态免疫记忆过程的数学描述，同时提出基于LRU算法的记忆检测器动态降职机制。实验表明该模型具有更好的动态性和有效性。     

基于免疫的入侵检测方法研究

生物的免疫系统和计算机安全系统所面临及需要解决的问题十分类似．采用生物免疫思想的入侵检测技术可以结合异常检测和误用检测的优点．研究了基于免疫的入侵检测方法，对Self集的确定和有效检测器的生戍方法进行了研究和改进，基于反向选择机制提出了一种新的有效检测器生成算法．可以使用较少的有效检测器检测网络中的异常行为，从而提高了有效检测器生成和入侵检测的速度．通过与基于已有的有效检测器生成算法的系统进行比较，使用本文的方法构造的入侵检测系统速度更快．且有较高的准确性．     

一种新的自适应网络入侵检测模型

在基于免疫模型的网络入侵检测中,因模型对自体的动态变化缺乏自适应性导致高的误报率和漏报率。为了提高网络入侵检测模型在动态环境下的自适应性,使模型能更好地应对不断变化的外部环境,提出了一种新的自适应网络入侵检测模型。模型中详细阐述了自体的演化,对现有否定选择模型中检测器生成存在问题进行了分析,提出新的检测器生成算法,随着自体的在线自动更正,检测器可以始终保持同步更新。结果表明该模型具有很好自适应性和动态性,可以对入侵行为进行有效的识别。     

Realization of a self-recognition algorithm based on the biological immune system

As the use of the computer is popularized, the damage from computer viruses and hacking by malicious users is increasing rapidly. To block the hacking that is an intrusion into a person's computer, and the viruses that destroy data, a study into an intrusion detection and virus detection system based on the biological immune system is in progress. In this article, we describe a model of positive and negative selection for self-recognition, which has a similar function to the cytotoxic T cells that play an important role in the biological immune system. We propose a self/nonself discrimination algorithm for a computer system, which will the important when we detect data infected by a computer virus, of data modified by an intrusion from outside. We also show the validity and effectiveness of the proposed self-recognition algorithm by a computer simulation of some infected data obtained from cell changes and string changes in the self-file. This work was presented, in part, at the Seventh International Symposium on Artificial Life and Robotics, Oita, Japan, January 16–18, 2002     

A neural networks-based negative selection algorithm in fault diagnosis

Inspired by the self/nonself discrimination theory of the natural immune system, the negative selection algorithm (NSA) is an emerging computational intelligence method. Generally, detectors in the original NSA are first generated in a random manner. However, those detectors matching the self samples are eliminated thereafter. The remaining detectors can therefore be employed to detect any anomaly. Unfortunately, conventional NSA detectors are not adaptive for dealing with time-varying circumstances. In the present paper, a novel neural networks-based NSA is proposed. The principle and structure of this NSA are discussed, and its training algorithm is derived. Taking advantage of efficient neural networks training, it has the distinguishing capability of adaptation, which is well suited for handling dynamical problems. A fault diagnosis scheme using the new NSA is also introduced. Two illustrative simulation examples of anomaly detection in chaotic time series and inner raceway fault diagnosis of motor bearings demonstrate the efficiency of the proposed neural networks-based NSA.     

基于决策树的主从结构的Self集构造算法

针对基于计算机免疫的入侵检测系统中所面临着"不完全Self集"的问题,设计了基于决策树的主从结构的Self集构造算法.将决策树引入到传统的否定选择算法中,通过决策树把经过免疫耐受淘汰后的候选检测器进行重新分类,并将满足设定条件的候选检测器集合构造"从Self集",实现Self集的动态扩充,最后利用"匹配矛盾"淘汰"从Self集"中不合格的元素.实验分析结果表明了该算法的有效性,改善了检测器识别性能.     

一种用于网络入侵检测的免疫克隆策略

网络入侵检测当前面临的主要问题是如何迅速有效地检测出未知模式的入侵。借鉴生物免疫系统中的自进化学习机制,我们设计一种免疫克隆算法,该算法以生物免疫的自我非我识别为基础。进一步引入免疫克隆学习机制以提高算法对入侵模式识别的效率和正确率。论述参数的设置,并且系统不再简单地丢弃穷举法中与self匹配的候选检测器,而是对它们进行进化,引导它们偏离self集合,生成检测器。论述免疫克隆算法的具体细节,并完成相应的验证实验。实验表明该算法具有较好的识别未知模式的能力。     

基于多种群遗传算法的检测器生成算法研究

有效的检测器生成算法是异常检测的核心问题, 针对现有算法存在检测率低、匹配阈值固定、检测器集合庞大等问题, 本文提出了基于多种群遗传算法的检测器生成算法, 根据形态学空间的分析和覆盖问题原理, 自体集根据特征进行划分, 各个种群根据划分独立按遗传算法进化, 最后求得所有检测器种群的并集得到成熟的检测器. 所提出的算法有效降低检测器的冗余度, 减少检测器规模, 保持检测器的多样性; 并利用 maxSelf 实现匹配阈值 r 的自适应, 适用于多种匹配规则, 减小了阈值设置的局限性, 给出了算法的检测率高于传统算法的理论证明, 并通过实验验证了算法的有效性. 另外, 通过统计算法的时间复杂度, 证明算法时间复杂度没有明显增加.     

免疫agent概念与模型

阐述了免疫agent(ImA)这一新概念，分析了免疫agent求解实体的个性特点。构造出一种能对动态环境进行实时监控和故障预警的多免疫agent的形式化网络模型。并提出一种新颖的免疫agent算法，以此构建的系统具有更强的灵活性，鲁棒性和局部更新能力，是一个适用于动态环境的自组织系统。     

基于人工免疫的新型检测器生成模型

继承了人工免疫系统的思想，研究了KIM和BENTLEY的克隆选择算法，提出了一种适用于入侵检测的新的检测器生成模型。其核心在于两个新的算法：一是为了提高检测器的多样性及适应度水平，提出了基于相似性和适应度相结合的概率选择算法，并给出了此类概率选择的一般形式，理论分析了算法中的权重参数α。二是在产生子代检测器时，为了使得父代的优良基因能最大程度地遗传给子代，防止交叉变异中的退化现象，提出了检测器有效因子的概念和使用有效因子进行保优的策略。通过仿真实验证明合适选择α参数以及有效因子的长度阈值Neg，能使该模型具有很好的多样性和自适应性，呈现出较高的“非我”检测率和低的误检率。