An AIS-based cloud security model

As the construction of malicious software has shifted from novices to commercial, malware attacks grew considerably in frequency and traditional antivirus software fails to detect many modern malware and its increasing complexity has resulted in vulnerabilities that are being exploited by many malwares. In this paper we advocate an artificial immune system (AIS) based cloud security model for malware detection as in-cloud service instead of local-based antivirus software. We discuss how cloud based cloud security model can effectively coexist with traditional scanning technologies, and what are the advantages and limitations of this new approach. In the model, we combine local-host based detector in host agent with multiple detection engines in the cloud. This model enables detection of malware by multiple detection engines in the cloud in parallel. To explore and validate the idea we construct a prototype which includes a lightweight host agent, multiple detection engines in the network, and an AIS-based detection engine. We evaluate the performance and efficacy of the system using a dataset of 1500 malware samples through Arbor Malware Library (AML) covering a one year period.