Applications of Immune System Computing

background image

Applications of Immune System

Computing

Ricardo Hoar

background image

What kind of applications?

l

Computer Security

l

Pattern Recognition

l

Data Mining and Retrieval

l

Multi-Agent Systems

l

Design Optimization

l

Control Applications

l

Robotics

l

background image

A Distributed Architecture for a Self

Adaptive Computer Virus Immune System

Gary B. Lamont, Robert E. Marmelstein,

and David A. Van Veldhuizen

l

Simplified Biological IS Model (BIS)

l

Relationships between BIS and CVIS

l

CVIS model

l

Discussion of some algorithms involved in
CVIS

background image

Simplified Biological IS Model

l

Extracellular BIS

High level set of interacting components:

l

Generator/Repressor

B-cells, antibodies

l

Detector

Detect antigen , detect host/non host

l

Classifier

Once antigen detected, B-cell determines type

l

Purger

Eg. Macrophage , antigen purging or cleansing

l

BIS memory

A store of successful B-cell threat responses

l

Adaptation process

Continual updating in reaction to imperfect coverage of all

pathogens

background image

Extracellular BIS (Diagram)

background image

Intracellular BIS

l

Attempts to find antigens within living human cells.

l

Generate “Helper” T Cells which can promote antibody
prodection from B cells

l

Antigen Presentation

l

Major Histocompatability Complex (recognition by T
cells)

background image

Intracellular BIS (Diagram)

background image

Computer Virus

l

Significant Computer Threat

l

High “birth rate” of new viruses

l

Inability of Anti-Virus software to detect the
newest Viruses.

background image

Current Methods for Virus

Scanning

l

Current Virus scanning Software looks for bit
patterns known to belong to a specific virus.
Additionally deductive techniques use “rules of
thumb” to identify programs that exhibit “virus
like” behaviors.

l

Although reliable , these methods rely on static
knowledge bases, resulting in a the need for
continual updating.

background image

More robust method needed

l

Why not apply the principals from immune
computing to this obvious application of
scanning for Viruses?

l

Which components of BIS can be used to
define a Computer Virus Immune System ?

l

What are the main implementation challenges?

background image

Computer Virus Immune System

l

Components

Genereate/Suppress Virus

l

Generate random signatures, Compare signatures to prior sig.

Classify Virus

l

Isolate virus based on its characteristics, signature extraction

Purge Virus

l

Purge the virus and repair damaged system resources

Augment Virus Database

l

If new virus, add to memory

l

Main Challenge

Replicating BIS inherent parallelism

background image

Generic CVIS Algorithm

background image

Self/Non-Self Determination

l

Distinguishing legitimate computer resources
from those corrupted by a computer virus

l

Accomplished via

detectors generated at

random and compared to protected data

l

Requires a significant number of detectors

l

Can become cumbersome if protecting
changing files due to creation of new detectors

background image

Self/Non-Self Determination Algorithm

background image

Virus Decoy

l

Uses decoy programs whose sole purpose is

to become infected

l

Infected decoy can automatically extract viral

signature

l

Does not require the regeneration with

changing files

l

Must be used in conjunction with another

method to identify classified viruses

background image

Virus Decoy Algorithm

background image

Immunity by Design: An Artificial

Immune System

Steven A. Hofmeyr
and

Stephanie

Forrest

background image

ARCHITECTURE

l

To preserve generality, we represent both the protected
system (self) and infectious agents (nonself) as dynamically
changing sets of bit strings.

l

In cells of the body the profile of expressed proteins (self)
changes over time, and likewise, we expect our set of
protected strings to vary over time.

l

The body is subjected to different kinds of infections over
time; we can view nonself as a dynamically changing set of
strings.

background image

EXAMPLE: NETWORK

SECURITY

l

We define self to be the set of normal pair wise

connections (at the TCP/IP level) between

computers.

l

A connection is defined in terms of its “data-path

triple”—the source IP address, the destination IP

address, and the service (or port) by which the

computers communicate. (49 bit string)

l

Self signifies recognized familiar addresses while

Non-self represents “foreign” addresses

background image

NETWORK

SECURITY

l

Each detector cell is represented by a 49 bit string.

l

Detection = String Matching

l

New detectors are randomly generated and eliminated

if they are matched while still immature (removal of

self)

l

Mature detectors can activate an alarm if a threshold is

reached or be removed if they remain unmatched.

l

This balance between naïve immature and mature

cells gives the system adequate adaptability to new

antigens.

background image

The Architecture of the AIS.

background image

Lifecycle of a detector

background image

EXPERIMENTAL RESULTS

l

Two data sets were collected:

l

The self set was collected over 50 days.

l

Self = 1.5 million datapaths mapped to 49-bit binary strings.

l

At time 0 in the simulation a synthetic attack was detected
with probability p = 0.23.

l

After letting the system respond and adapt for 3 months
attack detected with probability 0.76, demonstrating the
effectiveness of AIS for learning

background image

Combinatorial Optimization (n-TSP

Problem)

background image

l

Endo et al. (1998) and Toma et al. (1999) proposed an
adaptive optimization algorithm based on the immune
network
model and MHC peptide presentation. In this model,
immune network principles were used to produce adaptive
behaviors of agents and MHC was used to induce
competitive behaviors among agents. The agents possessed a
sensor, mimicking MHC peptide presentation by
macrophages, the T-cells were used to control the behavior
of agents and the B-cells were used to produce behaviors.

Combinatorial Optimization
(n-TSP Problem)

background image

Problem Comparison

background image
background image

Refrences

l

de Castro, L, Zuben, F.

ARTIFICIAL IMMUNE SYSTEMS: PART II – A

SURVEY OF APPLICATIONS Technical Report DCA-RT 02/00 accessed
from:

http://www.cs.plu.edu/pub/faculty/spillman/seniorprojarts/ids/part2.pdf

l

Hofmeyr, S., Forrest S.

Immunity by Design: An Artificial Immune System

l

Lamont, G., Marmelstein R., Veldhuizen D.

A Distributed Architecture for

a Self Adaptive Computer Virus Immune System
New Ideas in Optimization

l

Dasgupta, D.

Artificial Immune systems: Theory and Applications Tutorial

WCCI 2002, Honolulu Hawaii.


Wyszukiwarka

Podobne podstrony:
The Application of Epidemiology to Computer Viruses
Principles of a Computer Immune System
Detection and Function of Opioid Receptors on Cells from the Immune System
Munster Application of an acoustic enhancement system for outdoor venues
The Danger Theory and Its Application to Artificial Immune Systems
Blueprint for a Computer Immune System
Artificial Immune Systems and the Grand Challenge for Non Classical Computation
Shigella s ways of manipulating the host intestinal innate and adaptive immune system
Design of an Artificial Immune System as a Novel Anomaly Detector for Combating Financial Fraud in t
nutritional modulation of immune function
Applications of polyphase filters for bandpass sigma delta analog to digital conversion
2 Application of Distributed Loads
LEVELING SYSTEM COMPUTER
2004 Applications of RT to translation
application of solid state fermentation to food industry a review
[2006] Application of Magnetic Energy Recovery Switch (MERS) to Improve Output Power of Wind Turbine

więcej podobnych podstron