Results 1 - 5 of 5
Artificial Immune Systems: Part II - A Survey Of Applications, 2000
Cited by 5 (0 self)
this report (De Castro & Von Zuben, 1999) is intended to present the basic theory and concepts necessary for the development of immune-based systems. It brings an instructive introduction to the mammal immune system and depicts its most relevant aspects from the viewpoint of engineering. Mechanisms like the clonal selection theory, the immune response along with its affinity maturation process and the immune network hypothesis are emphasized. A few computational algorithms were developed and applied to several different types of problems in order to demonstrate how principles gleaned from the immune system can and must be used in the design of engineering tools for solving complex tasks. In addition, it is introduced an emerging area of research, called immune engineering. The immune engineering is comprised of several strategies, like artificial immune systems, immune-based systems, immunogenetic approaches, etc., and is supposed to include any technique developed using ideas from immunology.
A Retrovirus Inspired Algorithm for Virus Detection
- Optimization, GECCO
Cited by 2 (1 self)
In the search for a robust and efficient algorithm to be used for computer virus detection, we have developed an artificial immune system genetic algorithm (REALGO) based on the human immune system’s use of reverse transcription ribonucleic acid (RNA). The REALGO algorithm provides memory such that during a complex search the algorithm can revert back to and attempt to mutate in a different “direction” in order to escape local minima. In lieu of non-existing virus generic templates, validation is addressed by using an appropriate variety of function optimizations with landscapes believed to be similar to that of virus detection. It is empirically shown that the REALGO algorithm finds “better” solutions than other evolutionary strategies in four out of eight test functions and finds equally “good” solutions in the remaining four optimization problems.
A Unified Model for Computer Threat Protection (UMCTP)
Abstract — This paper presents a unified way to unite major computer threat researchers, students, volunteers and amigos in antivirus industry under the umbrella of a Unified Model for Computer Threat Protection. The suggested model slices protection mechanism into two compatible parts to promote indigenous custom antivirus development. First part, rather static in nature, is unique custom antivirus software developed by individual organizations (users) that meets their specific needs. The other one, dynamic in nature, is the threat definition and research part contributed by global researchers’ community in a standardized way to form a global public virus definition library. At the end a tentative sketch of such custom software for a strategic organization is also presented to model basic construct and essentials of an effective antivirus.
A Memory Symptom-based Virus Detection Approach, 2005
The widespread use of the Internet has caused computer security to become an important issue. Currently, antivirus software is the primary mechanism that prevents computers from the damage of viruses. Such a mechanism relies on the update of virus patterns (or signatures) to detect new viruses. However, serious damage is usually caused before the update occurs. In addition, a few modifications of the same virus can pass the pattern matching. This is one reason that the quantity of new viruses has exceeded 600 per month. This situation has also caused inefficiency in virus scans. To overcome the above problems, a new memory symptom-based approach is proposed in this paper. This idea comes from how diseases are diagnosed in real life. Doctors diagnose diseases based on the symptoms of a patient, such as a fever, a cough, etc., rather than based on the type of virus. Similarly, the program execution requires the usage of computer resources, such as CPU, memory, network, etc. We define the usage of a resource as a “symptom” of the program. Viruses can be detected according to their symptoms. In this paper, we focus on the memory symptom. The memory symptom of an unknown program is sampled, encoded, and matched with those of sample programs. Then a certainty factor (CF) value is computed to represent the possibility that the unknown program is a virus. In the experimental study, 109 test programs were detected. According to the analysis of the confusion matrix, a true positive rate can be as high as 97 percent, and a false positive rate can be 13 percent while the unknown rate is only 18 percent. This shows that the memory symptom-based approach is effective for virus detection.
Informed Software Installation through License Agreement Categorization
Abstract—Spyware detection can be achieved by using machine learning techniques that identify patterns in the End User License Agreements (EULAs) presented by application installers. However, solutions have required manual input from the user with varying degrees of accuracy. We have implemented an automatic prototype for extraction and classification and used it to generate a large data set of EULAs. This data set is used to compare four different machine learning algorithms when classifying EULAs. Furthermore, the effect of feature selection is investigated and for the top two algorithms, we investigate optimizing the performance using parameter tuning. Our conclusion is that feature selection and performance tuning are of limited use in this context, providing limited performance gains. However, both the Bagging and the Random Forest algorithms show promising results, with Bagging reaching an AUC measure of 0.997 and a False Negative Rate of 0.062. This shows the applicability of License Agreement Categorization for realizing informed software installation.
Keywords: Parameter tuning; EULA analysis; Spyware; automated detection

