Artificial Immune Systems

Artificial Immune System 

and Its Applications 

Prof. Ying TAN 

National Laboratory on Machine Perception 

Department of Intelligence Science 

Peking University, Beijing 100871, P.R.China 

2005-12-13 Y. Tan---Artificial Immune Sys. 1

Contents 

• Biological Immune System 

• Artificial Immune System 

• Basic Algorithms of AIS 

• AIS design procedure 

• Case Studies 

– Malicious Executable Detection 

– Film Recommender 

New 

• Immuneocomputing – IC 

• Danger Theory 

• Future 


The Immune System is… 

Immune system: a system that 

protects the body from foreign 

substances and pathogenic 

organisms by producing the 

immune response 

Immunity: state or quality of 

being resistant (immune), either 

by virtue of previous exposure 

(adaptive immunity) or as an 

inherited trait (innate immunity) 


Why is the Immune System? 

Immune system has following appealing features: 

• Recognition 

– Anomaly detection 

– Noise tolerance 

• Robustness 

• Feature extraction 

• Diversity 

• Reinforcement learning 

• Memory; 

• Dynamically changing coverage 

• Distributed 

• Multi-layered 

• Adaptive 


Role of Biological Immune System 

• Protect our bodies from pathogen and 

viruses 

• Primary immune response 

– Launch a response to invading pathogens 

• Secondary immune response 

– Remember past encounters 

– Faster response the second time around 


Immune cells 

• There are two primarily types of 

lymphocytes: 

– B-lymphocytes (B cells) 

– T-lymphocytes (T cells) 

• Others types include macrophages, 

phagocytic cells, cytokines, etc. 


Where is it? 

Primary lymphoid organs 

Secondary lymphoid orga 

Tonsils and adenoids 

Thymus 

Spleen 

Peyer’s patches 

Appendix 

Bone m arrow 

Lym ph nodes 

Lym phatic vessels 


Multiple layers of the immune system 

Pathogens 

Skin 

Biochemical 

barriers 

Innate 

immune 

response 

Phagocyte 

Lymphocytes 

Adaptive 

immune 

response 


Antigen 

• Substances capable of starting a 

specific immune response commonly 

are referred to as antigens 

• This includes some pathogens such as 

viruses, bacteria, fungi etc . 


Biological Immune System 

Innate 

vs 

Acquired 

Cell Mediated 

vs 

Humoral 

T Cell (Killer) 

T Cell (Helper) 

B Cell 

Secretes 

Antibody 


How does IS work: A simplistic view 

M H C p r o t e in A n t ig e n 

A P C 

( I ) 

P e p t id e 

( II ) 

T - c e ll 

( III ) 

B - c e ll 

( V ) 

( IV ) 

A c t iv a t e d T - c e ll 

L y m 

p h o k in e s 

( V I ) 

A c t iv a t e d B - c e ll 

( p la s m a c e ll) 

( V II ) 


Self/Non-Self Recognition 

• Immune system needs to be able to 

differentiate between self and non-self 

cells 

• Antigenic encounters may result in cell 

death, therefore 

– Some kind of positive selection 

– Some element of negative selection 


Immune Pattern Recognition 

BCR or Antibody 

B-cell Receptors (Ab) 

Epitopes 

B-cell 

Antigen 

• The immune recognition is based on the complementarity 

between the binding region of the receptor and a portion of the 

antigen called epitope. 

• Antibodies present a single type of receptor, antigens might 

present several epitopes. 

– This means that each antibody can recognize a single 

antigen 


Clonal Selection 

Clonal deletion 

(negative selection) 

Self-antigen 

Proliferation 

(Cloning) 

M 

M 

Antibody 

Selection 

Differentiation 

Memory cells 

Plasma cells 

Foreign antigens 

Self-antigen 

Clonal deletion 

(negative selection) 


Main Properties of Clonal 

Selection (Burnet, 1978) 

• Elimination of self antigens 

• Proliferation and differentiation on contact of 

mature lymphocytes with antigen 

• Restriction of one pattern to one differentiated 

cell and retention of that pattern by clonal 

descendants; 

• Generation of new random genetic changes, 

subsequently expressed as diverse antibody 

patterns by a form of accelerated somatic 

mutation 


Immune Network Theory 

• Idiotypic network (Jerne, 1974) 

• B cells co-stimulate each other 

– Treat each other a bit like antigens 

• Creates an immunological memory 

Paratope 

Ag 

Suppression 

Negative response 

Idiotope 

1 

2 

3 

Antibody 

Activation 

Positive response 


Reinforcement Learning and 

Immune Memory 

• Repeated exposure to an antigen 

throughout a lifetime 

• Primary, secondary immune responses 

• Remembers encounters 

– No need to start from scratch 

– Memory cells 

• Continuous learning 


Learning (2) 

Primary Response 

Secondary Response 

Cross-Reactive 

Response 

Antibody Concentration 

Lag 

Response 

to Ag 1 

Lag 

... 

... 

Response 

to Ag 1 

Response 

to Ag 2 

Lag 

... 

... 

Response to 

Ag 1 ’ =Ag 1 + Ag 3 

Antigen Ag 1 

Antigens 

Ag 1 , Ag 2 

Antigen 

Ag 1 + Ag 3 

Time 


Back 

Immune System: Summary 

• Define host (body cells) from external entities. 

• When an entity is recognized as foreign (or 

dangerous)- activate several defense 

mechanisms leading to its destruction (or 

neutralization). 

• Subsequent exposure to similar entity results in 

rapid immune response. 

• Overall behavior of the immune system is an 

emergent property of many local interactions. 


Back 

Immune metaphors 

Other areas 

Idea! Idea ‘ 

Immune System 

Artificial Immune 

Systems 


Definition 

What is an Artificial Immune 

System? 

Dasgupta’99: “Artificial immune systems (AIS) are 

intelligent and adaptive systems inspired by the 

immune system toward real-world problem solving” 

de Castro and Timmis: “Artificial Immune Systems 

(AIS) are adaptive systems, inspired by 

theoretical immunology and observed immune 

functions, principles and models, which are 

applied to problem solving” 

http://www.cs.kent.ac.uk/people/staff/jt6/aisbook/ 

•Using natural immune system as a metaphor for solving complex computational problems. 

•Not modelling the immune system 


AI models and their 

corresponding natural prototypes 

Natural prototype 

Natural language 

Brain nervous net 

Biological cells 

Molecules of 

proteins 

Genetic code 

Biological level 

Left hemisphere 

of brain 

Cells 

Cells 

Molecular 

Molecular 

AI model 

Formal logic 

Formal linguistic 

Neural computing (NC) 

Neural networks (NN) 

Cellular automata (CA) 

Artificial immune 

systems (AIS) 

Genetic Algorithms 

(GA) 


Some History 

• Developed from the field of theoretical 

immunology in the mid 1980’s. 

– Suggested we ‘might look’ at the IS 

• 1990 – Bersini first use of immune 

algorithms to solve problems 

• Forrest et al – Computer Security mid 

1990’s 

• Hunt et al, mid 1990’s – Machine learning 

• More…… 


AIS’ Scope 

• Pattern recognition; 

• Fault and anomaly detection; 

• Data analysis; 

• Data mining (classification/clustering) 

• Agent-based systems; 

• Scheduling; 

• Machine-learning; 

• Autonomous navigation and control; 

• Search and optimization methods; 

• Artificial life; 

• Security of information systems; 

• Optimization; 

• Just to name a few. 


Back 

Typical Applications of AIS 

• Computer Security(Forrest’94’96’98, Kephart’94, Lamont’98’01,02, 

Dasgupta’99’01, Bentley’00’01,02) 

• Anomaly Detection (Dasgupta’96’01’02) 

• Fault Diagnosis (Ishida’92’93, Ishiguro’94) 

• Data Mining & Retrieval (Hunt’95’96, Timmis’99’01, ’02) 

• Pattern Recognition (Forrest’93, Gibert’94, de Castro ’02) 

• Adaptive Control (Bersini’91) 

• Job shop Scheduling (Hart’98, ’01, ’02) 

• Chemical Pattern Recognition (Dasgupta’99) 

• Robotics (Ishiguro’96’97,Singh’01) 

• Optimization (DeCastro’99,Endo’98, de Castro ’02) 

• Web Mining (Nasaroui’02,Secker’05) 

• Fault Tolerance (Tyrrell, ’01, ’02, Timmis ’02) 

• Autonomous Systems (Varela’92,Ishiguro’96) 

• Engineering Design Optimization (Hajela’96 ’98, Nunes’00) 


Basic Immune Models and 

Algorithms 

• Bone Marrow Models 

• Negative Selection Algorithms 

• Clonal Selection Algorithm 

• Immune Network Models 

• Somatic Hypermutation 


Bone Marrow Models 

• Gene libraries are used to create antibodies 

from the bone marrow 

• Antibody production through a random 

concatenation from gene libraries 

• Simple or complex libraries 

An individual genome corresponds to four libraries: 

Library 1 Library 2 Library 3 Library 4 

A1 A2 A3 A4 A5 A6 A7 A8 

B1 B2 B3 B4 B5 B6 B7 B8 C1 C2 C3 C4 C5 C6 C7 C8 D1 D2 D3 D4 D5 D6 D7 D8 

A3 

B2 

C8 

D5 

A3 

B2 

C8 

D5 

= four 16 bit segments 

A3 B2 C8 D5 

Expressed Ab molecule 

= a 64 bit chain 


Negative Selection (NS) Algorithms 

• Forrest 1994: Idea taken from the negative 

selection of T-cells in the thymus 

• Applied initially to computer security 

• Split into two parts: 

–Censoring 

– Monitoring 

Self 

strings (S) 

DetectorSet 

(R ) 

Generate 

random strings 

(R 0) 

Match 

No 

Detector 

Set (R) 

Protected 

Strings (S) 

Match 

No 

Yes 

Yes 

Reject 

Non-self 

Detected 

Censoring 

Monitoring 


Clonal Selection Algorithm (de 

Castro & von Zuben, 2001) 

1. Initialisation: Randomly initialise a population (P) 

2. Antigenic Presentation: for each pattern in Ag, do: 

2.1 Antigenic binding: determine affinity to each P 

2.2 Affinity maturation: select n highest affinity from P and 

clone and mutate prop. to affinity with Ag, then add new 

mutants to P 

3. Metadynamics: 

3.1 select highest affinity P to form part of M 

3.2 replace n number of random new ones 

4. Cycle: repeat 2 and 3 until stopping criteria (e.g. Max Generation) 


CLONALG for 

PR, Learning, 

Optimization 

Ab j 

* 

Ab {d} 

Ab {r} 

Ab {m} 

Ag j 

Select 

f j 

Select 

F j 

* 

Ab {n} 

L.N. de Castro, et.al., Learning and 

optimization using the clonal selection 

principle, IEEE Trans. Evolutionary 

computation, vol.6, no.3, June 2002, pp.239- 

251 

C j* 

Select 

Clone 

C j 


Discrete Immune Network 

Models (Timmis & Neal, 2001) 

1. Initialisation: create an initial network from a sub-section of the antigens 

2. Antigenic presentation: for each antigenic pattern, do: 

2.1 Clonal selection and network interactions: for each network cell, 

determine its stimulation level (based on antigenic and network interaction) 

2.2 Metadynamics: eliminate network cells with a low stimulation 

2.3 Clonal Expansion: select the most stimulated network cells and 

reproduce them proportionally to their stimulation 

2.4 Somatic hypermutation: mutate each clone 

2.5 Network construction: select mutated clones and integrate 

3. Cycle: Repeat step 2 until termination condition is met 


Immune Network Models 

• Timmis & Neal, 2000 

• Used immune network theory as a basis, 

proposed the AINE algorithm 

Initialize AIN 

For each antigen 

Present antigen to each ARB in the AIN 

Calculate ARB stimulation level 

Allocate B cells to ARBs, based on stimulation level 

Remove weakest ARBs (ones that do not hold any B cells) 

If termination condition met 

exit 

else 

Clone and mutate remaining ARBs 

Integrate new ARBs into AIN 


Immune Network Models 

• De Castro & Von Zuben (2000c) 

• aiNET, based in similar principles 

At each iteration step do 

For each antigen do 

Determine affinity to all network cells 

Select n highest affinity network cells 

Clone these n selected cells 

Increase the affinity of the cells to antigen by reducing the 

distance between them (greedy search) 

Calculate improved affinity of these n cells 

Re-select a number of improved cells and place into matrix M 

Remove cells from M whose affinity is below a set threshold 

Calculate cell-cell affinity within the network 

Remove cells from network whose affinity is below 

a certain threshold 

Concatenate original network and M to form new network 

Determine whole network inter-cell affinities and remove all those 

below the set threshold 

Replace r% of worst individuals by novel randomly generated ones 

Test stopping criterion 


Back 

Somatic Hypermutation 

• Mutation rate in proportion to affinity 

• Very controlled mutation in the natural immune 

system 

• Trade-off between the normalized antibody 

affinity D* and its mutation rate α, 

1 

0 . 9 

0 . 8 

α 

0 . 7 

0 . 6 

0 . 5 

0 . 4 

ρ = 5 

ρ = 1 0 

0 . 3 

ρ = 2 0 

0 . 2 

0 . 1 

0 

0 0 . 1 0 . 2 0 . 3 0 . 4 0 . 5 0 . 6 0 . 7 0 . 8 0 . 9 1 

2005-12-13 Y. Tan---Artificial Immune Sys. 34 

D *

General Framework of AIS 

Solution 

Immune Algorithms 

Affinity Measures 

Representation 

Problem 

Application Domain 


Representation – Shape Space 

• Describe the general shape of a molecule 

Antigen 

Antibody 

•Describe interactions between molecules 

•Degree of binding between molecules 


Representation 

•Vectors 

Ab = 〈Ab , Ab , ..., Ab 〉 

1 2 L 

Ag = 〈Ag , Ag , ..., Ag 〉 

1 2 L 

• Real-valued shape-space 

• Integer shape-space 

• Binary shape-space 

• Symbolic shape-space 


Define their Interaction 

• Define the term Affinity 

• Affinity is related to distance 

– Euclidian 

D 

= 

L 

∑ 

i= 

1 

( Ab i 

− Ag i 

• Other distance measures such as Hamming, 

Manhattan etc. etc. 

• Affinity Threshold 

2 

) 


Shape Space Formalism 

• Repertoire of the 

immune system is 

V ε 

ε 

´ 

V 

complete (Perelson, 

1989) 

´ 

V ε 

´ 

ε 

´ 

• Extensive regions of 

complementarity 

V ε 

´ 

ε 

´ 

´ 

• Some threshold of 

recognition 


Back 

AIS Design 

• Problem description 

• Deciding the immune principles used for 

problem solving 

• Engineering the AIS 

– Defining the types of immune components used 

– Defining the representation for the elements of the AIS 

– Applying immune principle to problem solving 

– The meta-dynamics of an AIS 

• Reverse mapping from AIS to the real problem 


Back 

Case Studies of AIS 

• Malicious Executables Detection --- 

From Z.H. Guo, Z.K. Liu, and Y. Tan, An NNbased 

Malicious Executables Detection Algorithm 

based on Immune Principles, F.Yin, J.Wang, C. 

Guo (Eds.): ISNN 2004, Springer, Lecture Notes 

in Computer Science 3174, pp. 675-680, 2004. 

(http://dblp.uni-trier.de) 

• Film Recommender --- From Dr. Dr Uwe 

Aickelin (http://www.aickelin.com), University of 

Nottingham, U.K. 2004 


New! 

Immuneocomputing -- IC 

By Tarakanov, A. 2001. 

Aims of 

• A proper mathematical framework; 

• A new kind of computing; 

• A new kind of hardware. 

New concepts of 

formal protein (FP) ------- 

formal immune networks (FIN)------- 

vs. neuron 

vs. NN 

Refer to 

•A.O. Tarakanov, V.A. skormin, and S.P. Sokolova, 

Immunocomputing: Principles and Applications, Springer, 2003. 


Problems of Traditional Self/Non-self View 

• No reaction to foreign bacteria in gut (friendly 

bacteria…). 

• No reaction to food / air / etc. 

• The human body changes over its life. 

• Auto-immune diseases. 

• How do we produce antibodies that react against 

antigens and yet avoid self? 

• Is it necessary to attack all non-self or a specific self? 


New! 

The Danger Theory 

• In the danger model, the idea is to recognise ‘danger’ 

rather than non self. 

• The screening is accomplished post production through 

an external ‘danger’ signal. Thus the production of 

autoreactive antibodies (which react to self) is allowed. 

• If an (e.g. autoreactive) antibody matches a stimulus in 

the absence of danger, it is removed. Thus harmless 

antigens are tolerated, and changing self accommodated. 

Matzinger (2002). The Danger Model: A renewed sense of self , Science 296: 

301-304. 


Danger Theory (con’t) 

• Danger Theory 

– Not self/non-self but Danger/Non-Danger 

– Immune response is initiated in the tissues. 

Danger Zone. 

– This makes it context dependant 

• Matzinger (2002) The Danger Model: A renewed sense of self 

Science 296: 301-304 

• Aickelin & Cayzer (2002) The Danger Theory and Its Application 

to Artificial Immune Systems, Proc. International Conference on AIS 

(ICARIS 2002) 


Danger Zone 

Danger 

Zone 

Stimulation 

Match, but 

too far 

No match 

away 

Antibodies 

Antigens 

Cells 

Damaged Cell 

Danger Signal 


Towards a ‘dangerous’ IDS 

“The danger theory suggests that the 

immune system reacts to threats based on 

the correlation of various (danger) signals, 

providing a method of ‘grounding’ the 

immune response, i.e. linking it directly to 

the attacker.” 

Aickelin U, Bentley P, Cayzer S, Kim J and McLeod J (2003): 'Danger 

Theory: The Link between AIS and IDS?', Proceedings ICARIS-2003, 2nd 

International Conference on Artificial Immune Systems, LNCS 2787, pp 

147-155 


Other ways of using danger 

Danger = Crime, Antigen = Suspect 

or... 

Danger = Context ? 

It could also be useful for data mining, where the ‘danger’ 

signal is a proxy measure of interest 

‘Danger Zone’ can be spatial or temporal 

Andrew Secker, Alex Freitas, and Jon Timmis (2005) “Towards a danger theory inspired 

artificial immune system for web mining” in A Scime, editor, Web Mining: applications and 

techniques, pages 145-168 (Idea Group) 


Back 

Some Recent Applications of 

Danger Theory 

• Anjum Iqbal, Mohd Aizaini Maarof, “Danger 

Theory and Intelligent Data Processing,” 

International Journal of Information Technology, 

Vol.1, No.1, 2004. 

• Andrew Secker, Alex A. Freitas, and Jon Timmis, 

“A Danger Thory Inspired Approach to Web 

Mining,” Computing Lab. University of Kent, 

Canterbury, Kent, UK.2005 

• So on. 


The Future 

• More formal approach required? 

• Wide possible application domains. 

• What makes the immune system 

unique? 

• More work with immunologists: 

– Danger theory. 

– Idiotypic Networks. 

– Self-Assertion. 


Reference for further reading 

Books 

• Artificial Immune Systems and Their 

Applications by Dipankar Dasgupta (Editor) 

Springer Verlag, January 1999. 

• L.N. de Castro and J. Timmis, Artificial Immune 

Systems: A New Computational Intelligence 

Approach, Springer, 2002. 

• A.O. Tarakanov, V.A. skormin, and S.P. Sokolova, 

Immunocomputing: Principles and Applications, 

Springer, 2003. 

Related academic papers 

• J. Timmis, P.Bentley, and Emma Hart (Eds.): Artificial Immune Systems, 

Proceedings of Second International Conference, ICARIS 2003, 

Edinburgh, UK, September 2003. LNCS 2787, Springer. 


New Events: 

• Special Session on Artificial Immune Systems at the Congress 

on Evolutionary Computation (CEC), December 8-12, 2003, 

Canberra, Australia. 

• Special Session on Immunity-Based Systems at Seventh 

International Conference on Knowledge-Based Intelligent 

Information & Engineering Systems (KES), September 3-5, 

2003, University of Oxford, UK. 

• Second International Conference on Artificial Immune Systems 

(ICARIS), September 1-3, 2003, Napier University, Edinburgh, 

UK. 

• Tutorial on Artificial Immune Systems at 1st Multidisciplinary 

International Conference on Scheduling: Theory and 

Applications (MISTA), 12 August 2003, The University of 

Nottingham, UK. 

• Tutorial on Immunological Computation at International Joint 

Conference on Artificial Intelligence (IJCAI), August 10, 2003, 

Acapulco, Mexico. 

• Special Track on Artificial Immune Systems at Genetic and 

Evolutionary Computation Conference (GECCO), Chicago, USA, 

July 12-16, 2003 


AIS Resources 

• Artificial Immune Systems and Their Applications by D 

Dasgupta (Editor), Springer Verlag, 1999. 

• Artificial Immune Systems: A New Computational 

Intelligence Approach by L de Castro, J Timmis, Springer 

Verlag, 2002. 

• Immunocomputing: Principles and Applications by A 

Tarakanov et al, Springer Verlag, 2003. 

• Third International Conference on Artificial Immune Systems 

(ICARIS), September 13-16, 2004, University of Catania, Italy. 

• 4th International Conference on Artificial Immune 

Systems(ICARIS), 14th-17th August, 2005 in Banff, 

Alberta, Canada 


First Page 

That’s all 


Case Study 1: 

Malicious Executables Detection 

based on Artificial Immune Principles* 

From Z.H. Guo, Z.K. Liu, and Y. Tan, An NN-based Malicious 

Executables Detection Algorithm based on Immune Principles, F.Yin, 

J.Wang, C. Guo (Eds.): ISNN 2004, Springer Lecture Notes on 

Computer Science 3174, pp. 675-680, 2004. (http://dblp.unitrier.de) 

* This work was supported by Natural Science Foundation 

of China with Grant No. 60273100. 


Outline 

• Definition of Terms 

• Goal and Motivation 

• Previous Research works 

• Immune Principle for Malicious Executable 

Detection 

• Malicious Executable Detection Algorithm 

• Experiments and Discussion 

• Concluding Remarks 


Back 

Definition of Terms 

• Malicious Executable 

is generally defined as a program that has some 

malicious functions, such as compromising a 

system’s security, damaging a system or 

obtaining sensitive information without the 

permission of users. It includes virus, trojan 

horse, worm etc. 

• Benign Executable 

is a normal program without any malicious 

function. 


tens of thousands of 

new viruses / year 

Appear! 

But: Current antivirus systems 

attempt to detect these new 

malicious programs with 

heuristics by hand (costly 

and ineffective) 

Dos/Win32 viruses 

Trojan horses 

Computers / Information Systems 

Worms 

eMail attached viruses 

Malicious executables 

Current Task: 

Devise new methods 

for detecting new ME 


Back 

Definition of Symbols and 

Structures 

B: binary code alphabet, B={0,1}. 

Seq(s,k,l): short sequence cutting operation. 

Supposing s is binary sequence, and s=b(0)b(1)…b(n-1), b(i)∈B, 

then Seq(s,k,l)=b(k)b(k+1)…b(k+l-1). 

E(k): executable set, k∈{m,b}, 

m denotes malicious executable, b benign executable. 

E: whole set of executables, i.e., E= E(m)∪E(b). 

e(f j 

,n): executable as binary sequence of length n, 

and f j 

is executable identifier. 

l d 

: detector code length. 

l step 

: step size of detector generation. 

d l 

: detector, dl = Seq(s,k,l). 

D l 

: set of detector with code length l, 

i.e., D l 

={ d l 

(0), d l 

(1),…, d l 

(n d 

-1)}, |D l 

|= n d 

. 


Back 

Goal and Motivation 

• Aiming at developing an automatic 

detection approach of new malicious 

executables. 

• Aiming at trying to use artificial immune 

system (AIS) and artificial neural networks 

(ANN), to detect malicious executable with 

a high Detection Rate (DR) with low False 

Positive Rate (FPR) over others. 


Back 

Previous Related Works 

• Signature-based Methods 

• Expert Knowledge-based Methods 

• Machine Learning Methods 


Back 

Signature-based Methods 

It creates a unique tag for each malicious program so that future 

examples of it can be correctly classified with a small error rate. 

And relies on signatures of known malicious executable to generate 

detection models. 

Drawbacks: 

• Can not detect unknown and mutated viruses. 

• As increase of the number and type of viruses, its detection speed 

become slow dramatically. At the same time, the analysis of the 

signatures of viruses become very difficult, in particular, for the 

encrypted signatures. 

(refer to IBM Anti-virus Group’s report: R.W. Lo, K.N. Levitt, and R.A. 

Olsson. MCF: a Malicious Code Filter. Computers & Security, 

14(6):541–566., 1995.) 


Back 

Expert Knowledge-based 

Methods 

Using the knowledge of a group of virus 

experts to construct heuristic classifiers 

for detection of unknown viruses. 

Drawbacks: 

• Time-consuming analysis method. 

• Only discover some unknown viruses, but its false 

detection rate is very high. 

For detecting unknown virus based on ANN, IBM Anti-virus 

Group also proposes one method to detect Boot Sector 

viruses only. 

(refer to W. Arnold and G. Tesauro. Automatically Generated Win32 Heuristic 

Virus Detection. Proceedings of the 2000 International Virus Bulletin 

Conference, 2000.) 


Back 

Machine Learning Methods 

• M.G. Schultz developed a framework that used 

data mining algorithms, i.e., Multi-Naïve Bayes 

method, to train multiple classifiers on a set of 

malicious and benign executables to detect new 

examples (unknown ME). 

(refer to M.G. Schultz.,E. Eskin and E. Zadok . Data Mining Methods for 

Detection of New Malicious Executables. IEEE Symposium on Security 

and Privacy, May 2001.) 


Biologically-motivated Information 

Processing Systems 

• Brain-nervous systems – Neural Networks (NN) 

• Genetic systems – Genetic Algorithms(GA) 

• Immune systems – Artificial Immune Systems(AIS) 

or immunological computation. 

NN and GA have extensively studied with wide 

applications but AIS has relative few applications 


Natural prototypes vs. their models 

Natural 

prototype 

Natural language 

Brain nervous 

net 

Biological cells 

Molecules of 

proteins 

Genetic code 

Cells 

Cells 

Biological 

level 

Left 

hemisphere of 

brain 

Molecular 

Molecular 

Computing model 

Formal logic 

Formal linguistic 

Artificial Neural 

networks (ANN) 

Cellular automata 

(CA) 

Artificial immune 

systems (AIS) 

Genetic Algorithms 

(GA) 


Comparison of Three Algorithms 

GA (Optimisation) 

NN (Classification) 

AIS 

Components 

Chromosome Strings 

Artificial Neurons 

Attribute Strings 

Location of 

Components 

Dynamic 

Pre-Defined 

Dynamic 

Structure 

Discrete Components 

Networked Components 

Discrete components / 

Networked Components 

Knowledge Storage 

Chromosome Strings 

Connection Strengths 

Component 

Concentration / Network 

Connections 

Dynamics 

Evolution 

Learning 

Evolution / Learning 

Meta-Dynamics 

Recruitment / Elimination 

of Components 

Construction / Pruning of 

Connections 

Recruitment / Elimination 

of Components 

Interaction between 

Components 

Crossover 

Network Connections 

Recognition / Network 

Connections 

Interaction with 

Environment 

Fitness Function 

External Stimuli 

Recognition / Objective 

Function 


Back 

Immune Principles for Malicious 

Executable Detection 

• Non-self Detection Principle 

• Anomaly Detection Based on Thickness 

• The Diversity of Detector Representation 

vs. Anomaly Detection Hole 


Non-self Detection Principle 

• For natural immune system, all cells of body are 

categorized as two types of self and non-self. The 

immune process is to detect non-self from cells. 

• To realize the non-self detection, the maturation 

process of lymphocytes T cell undergoes two 

selection stages of Positive Selection and Negative 

Selection since antigenic encounters may result in 

cell death. Some computer scientists inspired by 

these two stages had proposed some algorithms 

used to detect anomaly information. Here, we will 

use the Positive Selection Algorithm (PSA) to 

perform the non-self detection for recognizing the 

malicious executable. 


Back 

Non-self Detection by PSA 

Detector Set D l 

Short sequence to 

be detected 

(Its length is l) 

Match ?? 

Y 

N 

self 

non-self 

Process of anomaly detection with PSA 


Back 

Anomaly Detection Based on 

Thickness 

• Anomaly recognition process is one 

process that immune cells detect 

antigens and are activated. 

• The activated threshold of immune cells 

is decided by the thickness of immune 

cells matching antigens. 


The Diversity of Detector Representation 

vs. Anomaly Detection Hole 

• The main difficulty of anomaly detection is utmost 

decreasing the anomaly detection hole. The natural 

immune system resolves this problem well by use of the 

diversity of MHC (Major Histocompatibility Complex) cell 

representations, which decides the diversity of anti-body 

touched in surface of T cells. This property is very useful 

in increasing the power of detecting mutated antigens, 

and decreasing the anomaly detection hole. 

• According to the principle, we can use the diversity of 

detector representation to decrease the anomaly 

detection hole. As was illustrated by following schematic 

drawings. 


Schematic diagram of abnormal 

detection holes (cont’) 

Abnormal 

detection holes 

Self Space 

Nonself Space 

Detectors 


ack 

Reduction of abnormal detection 

holes by use of the diversity of 

detector representations 

Detector 

Representation 1 

Detector 


Detector 


Combination of detectors 


Malicious Executable Detection 

Algorithm (MEDA) 

MEDA based on AIS includes three 

parts, 

• Detector generation, 

• Anomaly information extraction , 

•andClassification. 


Back 

Flow Chart of Malicious Executable 

Detection Algorithm (MEDA) 

Gene 

(…01101001…) 

Generating detector set 

MEDA 

Extracting 

property 

anomaly 

Classifier 

Update Gene 

(…10101101…) 

Executable to be detected 

(…00111101…) 

Output 


Generation of Detector Set 

Detector generation algorithm: 

• Begin initialize l step 、l d 、k=0 

• Do cutting e(f k ,n) from Eg(b) 

• i=0; 

• While i

Back 

Illustration of Detector Generating 

Process 

File Hex Sequence: 56 32 12 0A 34 ED FF 00 2D…. . 00 0A 34 ED FF FA 11 00 

Extracting Detector: 56 32 12 

32 12 0A 

12 0A 34 

┋……………………………………………┋ 

FF FA 11 

FA 11 00 

Generating Process of 24-bit Detectors with 8-bit stepsize (l d 

=24, l step 

=8) 


Extraction of Anomaly Characteristics -- 

Non-self Thickness (NST) 

• Non-self Detection 

• NST, as Anomaly Property, is defined 

as the ratio of number of non-self units 

to file binary sequence, p l =n n /(n n +n s ). 

• If there are m kinds of detectors, the file 

has a NST Vector P=(p l1, p l2, … , p lm ) T . 


NST Extraction Diagram 

Initialization,choose l step 、l d , D l 

“Nonself” Detection 

File to be detected 

(…00111101) 

Is “Nonself” ? 

Y 

N 

n s add 1 n n add 1 

N 

Y 

Completing 

detection ? 

Compute p l =n n /(n n +n s ) 

2005-12-13 Y. Tan---Artificial Immune Sys. 80 

End

Back 

NST Extraction Algorithm 

• Begin open e(f k ,n); 

• Select l step , l d ; 

• Set n s =0, n n =0, i=0; 

• While i

BP Network Classifier 

• We use Anomaly Property Vector 

(APV), i.e., NST vector P, as input 

variable of two-layer BP network 

classifier. The number of nodes of 

input layer equals to APV’s 

dimension. 

• The Sigmoid transfer function is 

chosen for the hidden layer and 

Linear function for the output layer. 


Back 

BP Network Classifier Structure 

Non-Self Thickness (NST) Vector 

P 

p l1 

p l2 

p lm 

Out (1-ME, 0-BE) 


Back 

Experiments and Discussion 

• Experimental Data Set 

• Generation of Detector Set 

• Experimental Result Using Single Detector Set 

• Experimental Result Using Multi-Detector Set 


Back 

Experimental Data Set 

Type 

Files 

Remarks 

BE 

ME 

Total 

915 

3566 

4481 

Win 2K OS and some 

application programs. 

DOS virus, Win32 virus, Trojan, 

Worm, etc. from Internet. 

All Justified by Antivirus 

cleaner Tools 

• BE—Benign Executable 

• ME—Malicious Executable 


Back 

Generation of Detector Set 

• Eg(b) is Gene of generating detector, l d ∈{16, 

24,32,64,96}, and l step =8bits. By using 

the detector generating algorithm, we can get 

D16, D24, D32, D64, and D96, separately. 

Table1: Detectors generation result 

Code Length l d 

16 

24 

32 

64 

96 

|D ld | 

65536 

10,931,62 

7 

8,938,35 

2 

12,768,36 

1 

21,294,85 

7 

store 

structure 

Bitmap 

Index 

Bitmap 

Index 

Tree 

Tree 

Tree 


Detection Result of Malicious 

Executables by D24 

NST p 24 

异己 ” 浓度 P24 

正确检测率 (Detection Rate)% 

File No. 

(a) NST of files, where symbol 

‘x’ represents benign program (Red), 

‘□’ malicious program (Blue) 

误判率 (False Positive Rate)% 

(b) ROC Curve 




NST p 32 



文件序号 


‘x’ represents benign program, 

‘□’ malicious program 


(b) ROC Curve 




NST p 64 



文件序号 


‘x’ represents benign program (Red), 

‘□’ malicious program (Blue) 


(b) ROC Curve 


Experimental Result Using Single 

Detector Set 

100 

Detection Rate (%) 

80 

60 

40 

20 

0 

16bits D a ta S e t 





0 20 40 60 80 100 

False Positive Rate (%) 


Back 

When FPR is fixed, relationship 

curves of DR versus Code 

Length l d 


Code length l d 

( bits) 

Note: from the bottom to up, the FPR is 0%, 0.5%, 1%, 2%, 

4%, 8%, and 16%, in sequence. 


Experimental Result Using Multi- 

Detector Set 

• This experiment selects multi-detector set to detect 

benign and malicious executables. 

• We don’t use D16 because of its zero DR and also set 

D96 as upper limit because almost same DR values 

when ld ≥96. 

• Here we selects D24, D32, D64 and D96 four detector 

sets as anomaly detection data set, and uses them to 

extract Non-self thickness (NST) vector, and finally a 

BP network is exploited as classifier. 

• For the process of classification, we randomly selects 

30% files of E(b) as E g (b) to train a BP network, and 

use the remaining data to illustrate the anomaly 

detection performance. 


NST Distribution and ROC Curve of 

Multi-Detector Set Method 

“ 异己 ” 浓度 (64bits) 


“ 异己 ” 浓度 (24bits) 

“ 异己 ” 浓度 ( 32bits) 


(a) NST of files for mixture of D24, 

D32 and D64. 

‘x’ benign program (in Red), 

‘□’ malicious program (in Blue). 

(b) ROC Curve of mixed detector 

set of D24, D32, D64 and D96 


Comparisons With Bayes Methods 

and Signature-based Method 

100 

80 


60 

40 

20 

M E D A with B P N e two rk 

N a ive B a ye s with S trin g s 

M u lti-N a ive B a ye s with B yte s 

Sig nature M ethod 

0 

0 2 4 6 8 10 12 



Back 

Algorithm Complexities 

Operation type 1 



Store 

Space 

Algorithm 

Name 

Amount 

Name 

Amount 

Name 

Amount 

MEDA 

detectors 

l train 

detector 

matching 

≤80×l tes 

t 

Computing 

NST 

4×l f 

additions 

0.4Gb 

Bayes 

Prob. 

Info. 

>>l train 

Searching 

P(F i /C) 

Depend 

on P(F i /C) 

Computing 

Joint Probs. 

n 

∏ 

PC ( ) PF ( / C) 

i= 

1 

i 

l f float 

multiplications 

1Gb 


Remarks 

Back 

• For short binary sequence and single detector 

set for the detection of malicious executables, 

the performance of D 24 is the best, giving out 

DR 80.6% with FPR 3%. 

• For long code length of detector and multidetector 

set, our method obtains the best 

performance of DR 97.46% with FPR 2%, over 

current methods. 

• This result verifies 

– diversity of detector representation can decrease 

anomaly detection holes. 

– “non-self” thickness detection. 

Back 


Case Study 2: 

• Prediction: 

Film Recommender 

From Dr. Dr Uwe Aickelin (http://www.aickelin.com) 

University of Nottingham, U.K., 

– What rating would I give a specific film? 

• Recommendation: 

– Give me a ‘top 10’ list of films I might like. 


Film Recommender (con’t 1) 

• EachMovie database (70k users). 

• User Profile: set of tuples {movie, rating}. 

• Me: My user profile. 

• Neighbour: User profile of others. 

• Similarity metric: Correlation score. 

• Neighbourhood: Group of similar users. 

• Recommendations: From neighbourhood. 



Antigen 

Antibody 

Stimulation 

• User Profile: set of tuples {movie, rating} 

• Me: My user profile. 

• Neighbour: User profile of others. 

• Affinity metric: Correlation score. 

Antibody – Antigen Binding Antibody – Antibody Binding 

Suppression 

• Neighbourhood: Group of similar users. 

Group of antibodies similar to antigen and dissimilar to other 

antibodies 

• Recommendations: From neighbourhood 

Weighted Score based on 

Similarities. 



• Start with empty AIS. 

• Encode target user as an antigen Ag. 

• WHILE (AIS not full) && (More Users): 

– Add next user as antibody Ab. 

– IF (AIS at full size) Iterate AIS. 

• Generate recommendations from AIS. 



Suppose we have 5 users and 4 movies: 

– u1={(m1,v11),(m2,v12),(m3,v13)}. 

– u2={(m1,v21),(m2,v22),(m3,v23),(m4,v24)}. 

– u3={(m1,v31),(m2,v32),(m4,v34)}. 

– u4={(m1,v41),(m4,v44)}. 

– u5={(m1,v51),(m2,v52),(m3,v53), (m4,v54)}. 

• We do not have users’ votes for every film. 

• We want to predict the vote of user u4 on movie 

m3. 


Algorithm walkthrough (1) 

Start with empty AIS: 

AIS 

DATABASE 

u 1 , u 2 , u 3 , u 4 , u 5 

User for whom to predict becomes 

antigen: 

AIS 

DATABASE u 4 

Ag 

u 1 , u 2 , u 3 , u 5 



Add antibodies until AIS is full… 

AIS 

u 

DATABASE 

1 

Ag 

u 2 , u 3 , u 5 Ab 1 

AIS 

u 

DATABASE 

2 ,u 3 Ag 

u 

Ab 1 Ab 2 

4 

Ab 3 



• Table of Correlation between Ab 

and Ag: 

– MS14, MS24, MS34. 

Ab 3 

Ab 1 

Ag 

Ab 2 

• Table of Correlation between 

Antibodies: 

– MS12 = CorrelCoef(Ab1, Ab2) 





• Calculate Concentration of each Ab: 

– Interaction with Ag (Stimulation). 

– Interaction with other Ab (Suppression). 

AIS 

Ag 

Ab 1 

Ab 2 

Ab 3 

Ag 

Ab 

Ab 2 

1 

Ab 2 

Ab 1 

Ab 2 

Ab 2 

Ab 2 

AIS 



• Generate Recommendation based on 

Antibody Concentration. 

AIS 

Ag 

Ab Ab 2 

1 

Ab 2 Ab 

Ab 2 

1 

Ab 

Ab 2 

2 

Recommendation for 

user u 4 on movie m 3 

will be highly based 

on vote on m 3 of user 

u 2 


Film Recommender Results 

• Tested against standard method (Pearson 

k-nearest neighbours). 

• Prediction: 

– Results of same quality. 

• Recommendation: 

– 4 out of 5 films correct (AIS). 

– 3 out of 5 films correct (Pearson). 

Back

Artificial Immune Systems

You also want an ePaper? Increase the reach of your titles

Delete template?

Save as template?