Skip to Main Content
Detecting unknown virus is a challenging task. Most of the current virus detection approaches, such as anti-virus tools, require precognition of virus signatures for detection, but they are hard to detect unknown virus. In this paper, we present a new immunity based virus detection approach. This approach collects arguments of process calls instead of the sequence of process, which obtain more information of process, and then utilizes them to train detectors with real-valued negative selection (RVNS) algorithm. In the stage of testing, user feedback is analyzed to adjust the threshold between normal files and viruses. We took two experiments to evaluate the performance of the approach, and the detection rate achieved is 0.7, which proved this approach could cope with unknown virus.
Date of Conference: 10-12 Dec. 2007