A Hierarchical Artificial Immune Model for Virus Detection

As viruses become more complex, existing antivirus methods are inefficient to detect various forms of viruses, especially new variants and unknown viruses. Inspired by immune system, a hierarchical artificial immune system (AIS) model, which is based on matching in three layers, is proposed to detect a variety of forms of viruses. In the bottom layer, a non-stochastic but guided candidate virus gene library is generated by statistical information of viral key codes. Then a detecting virus gene library is upgraded from the candidate virus gene library using negative selection. In the middle layer, a novel storage method is used to keep a potential relevance between different signatures on the individual level, by which the mutual cooperative information of each instruction in a virus program can be collected. In the top layer, an overall matching process can reduce the information loss considerably. Experimental results indicate that the proposed model can recognize obfuscated viruses efficiently with an averaged recognition rate of 94%, including new variants of viruses and unknown viruses.