Malware and Artificial Immune Systems
Chris Musselle, Bristol Centre for Complexity Sciences (BCCS), University of Bristol
Supervised by Dave Cliff and Ayalvadi Ganesh
Presentation, Nottingham University, 04/10/2010
Malware Evolution
• Pre-1990: experimental / intellectual pranks, e.g. the Morris Worm.
• 1990-1999: more sophisticated viruses and worms, e.g. macro viruses, encryption, polymorphic viruses.
• 2000-2003: explosion of worms: CodeRed, Nimda, Slammer, etc.
• 2003-present: increase in malware sophistication: blended threats, countermeasures, updating, e.g. Conficker.
• A shift in motive towards financial gain has driven the increased sophistication and prevalence of malware.
• The Web today provides cyber-criminals with the targets, exploitable weaknesses, and anonymity required for large-scale fraud.
Modern 'Malware' Economy
• Cyber-criminals have embraced Web 2.0 technologies, and specialise in various roles.
• Tools of the trade are readily available for purchase, with some malware authors even offering technical support and updates for their products.
• The basic strategy is to host new malicious sites or compromise legitimate ones, and then lure victims to them.
• Shift towards more stealthy and sophisticated malware, e.g. drive-by downloads and a large surge in data-theft Trojans.
PhD Focus
• Anomaly detection techniques to better distinguish between normal and potentially malicious behaviour within a computer system.
• Avenues of investigation:
  • Artificial Immune Systems
  • Machine Learning
  • Statistical Techniques
The Dendritic Cell Algorithm (DCA)
• An abstract model of dendritic cell behaviour based on the paradigm of Danger Theory.
• Aims to perform anomaly detection by correlating a series of informative signals with a sequence of abstract events (termed 'antigens').
• Signals: multiple time series, each chosen to approximate normal or anomalous aggregate behaviour (termed 'safe' or 'danger' signals respectively).
• Antigens: symbolic IDs of the individual events.
• The goal is to determine which event is most likely responsible for an observed rise in danger signals.
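The slide above describes the DCA in outline only. The following is an added, deliberately simplified implementation written for this page; it is not the thesis author's code and does not reproduce the published DCA exactly. It keeps the structure the slide gives: a population of dendritic cells each sample an antigen (an event ID) together with the host-wide signal values at that moment, accumulate an output per signal context, and on migration present every antigen they hold as either 'mature' (danger) or 'semi-mature' (safe). The per-antigen fraction of mature presentations (the MCAV) then points at the event most likely responsible for a rise in danger signal. Assumptions that are mine, not the slide's: only two signals ('danger' and 'safe'), the weight values in `WEIGHTS`, round-robin instead of random cell sampling so the run is deterministic, a forced presentation of cells still holding antigen at the end of the run, and the constructed trace in `constructed_trace()`, which is not real telemetry.

```python
"""Simplified Dendritic Cell Algorithm (DCA): added example, not the author's code."""
from collections import defaultdict

# Signal weights per cell output (illustrative values, an assumption of this example).
# Safe suppresses the mature output and raises the semi-mature one; danger does the
# opposite. Both drive CSM, the counter that decides when a cell migrates and presents.
WEIGHTS = {
    "csm":  {"danger": 1.0, "safe": 1.0},
    "semi": {"danger": 0.0, "safe": 1.0},
    "mat":  {"danger": 1.0, "safe": -0.5},
}
MIGRATION_THRESHOLD = 5.0   # CSM value at which a cell presents its antigens and resets


class DendriticCell:
    def __init__(self, threshold=MIGRATION_THRESHOLD):
        self.threshold = threshold
        self.reset()

    def reset(self):
        self.csm = 0.0
        self.semi = 0.0
        self.mat = 0.0
        self.antigens = []          # antigen IDs sampled since the last migration

    def expose(self, antigen, signals):
        """Sample one antigen plus the current signal vector.
        Returns True once the cell has accumulated enough CSM to migrate."""
        self.antigens.append(antigen)
        for output, weights in WEIGHTS.items():
            delta = sum(w * signals.get(name, 0.0) for name, w in weights.items())
            setattr(self, output, getattr(self, output) + delta)
        return self.csm >= self.threshold

    def context(self):
        # Mature context only if accumulated danger outweighs the (suppressed) safe output.
        return "mature" if self.mat > self.semi else "semi-mature"


def run_dca(events, n_cells=3):
    """events: iterable of (antigen_id, {"danger": x, "safe": y}) in time order.
    Returns {antigen_id: MCAV}, MCAV = mature presentations / all presentations."""
    cells = [DendriticCell() for _ in range(n_cells)]
    counts = defaultdict(lambda: {"mature": 0, "total": 0})

    def present(cell):
        ctx = cell.context()
        for antigen in cell.antigens:
            counts[antigen]["total"] += 1
            if ctx == "mature":
                counts[antigen]["mature"] += 1
        cell.reset()

    for i, (antigen, signals) in enumerate(events):
        cell = cells[i % n_cells]          # round-robin stands in for random sampling
        if cell.expose(antigen, signals):
            present(cell)
    for cell in cells:                      # simplification: flush cells that never migrated
        if cell.antigens:
            present(cell)
    return {a: c["mature"] / c["total"] for a, c in counts.items()}


def classify(mcav, threshold=0.5):
    """Antigens whose MCAV exceeds the threshold are flagged as anomalous."""
    return {a: ("anomalous" if v > threshold else "normal") for a, v in mcav.items()}


def constructed_trace():
    """Constructed input, not real telemetry: 60 ticks of a host where process 'benign'
    runs throughout and process 'mal' is active only during ticks 20-39, which is also
    when the host-wide danger signal is high and the safe signal is low."""
    events = []
    for tick in range(60):
        in_danger_window = 20 <= tick < 40
        signals = {"danger": 1.0, "safe": 0.0} if in_danger_window else {"danger": 0.0, "safe": 1.0}
        events.append(("benign", signals))
        if in_danger_window:
            events.append(("mal", signals))
    return events


if __name__ == "__main__":
    mcav = run_dca(constructed_trace())
    verdicts = classify(mcav)
    for antigen, value in sorted(mcav.items()):
        print(f"{antigen:8s} MCAV={value:.2f} -> {verdicts[antigen]}")
```

Two things worth noticing from the run: 'benign' is present during the danger window too and still receives some mature presentations (its MCAV is 0.3 here), so the algorithm separates events by the ratio of contexts in which they were seen rather than by any single co-occurrence; and the result depends on the migration threshold, because a cell that spans the boundary of the danger window presents all of its antigens, safe-period ones included, in whichever context dominates its lifetime. The published DCA samples cells at random and uses three signal categories with different weights; this example collapses that to two signals and a fixed sampling order so the numbers can be checked by hand.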