Abstract
Artificial Immune Systems (AIS) have achieved some success in malware detection thanks to their distributed, diverse and adaptive characteristics. However, in recent years malware has been evolving quickly in stealth and complexity. This trend poses a great challenge for AIS, especially since the emergence of spyware. To address this problem, this paper introduces natural killer cells (NKs), which can lure latent viruses into exposing themselves, to AIS. We hope their artificial counterparts can enhance the anti-latent capability of AIS through an enticement strategy and collaboration with other AIS algorithms. Preliminary results show that artificial NKs can discover tiny abnormalities caused by novel spyware and then release proper bait (called induction cytokines) to trigger the spyware’s actions, exposing it to further detection by AIS.
Copyright information
© 2012 Springer-Verlag Berlin Heidelberg
Cite this paper
Fu, J., Yang, H., Liang, Y., Tan, C. (2012). Bait a Trap: Introducing Natural Killer Cells to Artificial Immune System for Spyware Detection. In: Coello Coello, C.A., Greensmith, J., Krasnogor, N., Liò, P., Nicosia, G., Pavone, M. (eds) Artificial Immune Systems. ICARIS 2012. Lecture Notes in Computer Science, vol 7597. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-33757-4_10
DOI: https://doi.org/10.1007/978-3-642-33757-4_10
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-33756-7
Online ISBN: 978-3-642-33757-4
eBook Packages: Computer Science (R0)