Introducing Adjuvants to Dendritic Cell Algorithm for Stealthy Malware Detection

Jun Fu, Huan Yang

The 28th Research Institute of CETC, Nanjing, ChinaEmail: doctorfj@163.com, happyfairy106@163.com

Abstract—The increase in stealth of malware has broughtthe Dendritic Cell Algorithm (DCA) many difficulties in mal-ware detection. To solve this problem, in this paper we takeinspiration from immunological adjuvant which can enhancethe immune responses to weak antigens, and propose itscounterpart namely artificial adjuvant as an improvement forthe DCA. Artificial adjuvants are capable of increasing the‘immunogenicity’ of stealthy malware and accelerating thereaction of the dendritic cells (DCs). In such a way, they shedsome lights for the DCA on improving the performance ofstealthy malware detection in respect of not only improvingthe detection rate, but also helping detecting hidden malwareas soon as possible.

Keywords-Adjuvants; Dendritic Cell Algorithm (DCA);Stealthy Malware; Artificial Immune System (AIS)

I. INTRODUCTION

The Dendritic Cell Algorithm (DCA) is a second-

generation Artificial Immune System (AIS) algorithm. It is

based on an abstract model of the function of dendritic cells

and their ability to discriminate between healthy and infected

tissue [1]. As a context-aware anomaly detection algorithm,

the DCA performs well in malware detection. Current re-

search with this algorithm [2][3][4][5] have suggested that

the DCA shows not only excellent performance on detection

rate, but also promise in assisting in reducing the number of

false positive errors shown with similar systems.

However, as the defenses evolve, so does the malware.

The DCA distinguishes between normal and potentially ma-

licious antigens on the basis of the concentration of danger

signals they cause and neighboring antigens. This feature can

be exploited by crafty malware via mimicry attacks (such

as blending with normal activities or mimicking normal

behavior) to evade detection by the DCA [3]. For example,

some stealthy malware communicate with remote servers

only when they detect user activities (such as requesting web

pages). This reduces both the frequency and significance

of malicious behavior, making the malware less active and

more likely to avoid detection by the DCA [5].

In [6], Gu et al. proposed an improvement for the

DCA namely antigen multiplier to overcome the problem

of ‘antigen deficiency’. As an additional function of the

DCA, antigen multiplier can make several copies of each

individual antigen which can be fed to multiple dendritic

cells (DCs). Then the classification decision is averaged over

the replicated population. The experimental results showed

that antigen multiplier helped in improving the classification

accuracy [3]. But, as antigen multiplier copies every antigen

it meets indifferently, it may show less resistance to mimicry

attacks since the concentration of potentially malicious anti-

gens is not increased.

Similar to the inefficient detection to hidden and inactive

malware by the DCA, biological immune system (BIS)

also shows inefficiency when responds to some antigens.

Vaccines made up of inactive foreign proteins are often dif-

ficult to stimulate the body to produce an effective immune

response. This is because the vaccines are essentially live-

attenuated or inactivated pathogens, and thus have poor or

no immunogenicity (the ability of antigen to elicit immune

response). Therefore, they require adjuvants to enhance the

immunogenicity of weak antigens and elicit an adequate

immune response [7].

In this paper, we imitate the mechanisms of immunologi-

cal adjuvants and propose the concept of artificial adjuvants

in AIS domains. Because DCs play an important role when

immunological adjuvants take effect [7], we design two

concrete artificial adjuvants as the additional functions for

the DCA, namely signal-inducing adjuvant and danger-

amplifying adjuvant. Like their biological counterparts, they

can increase the ‘immunogenicity’ of stealthy malware and

enhance the detection capability of the DCA.

II. DENDRITIC CELL ALGORITHM AND ITS VARIATIONS

The Dendritic Cell Algorithm (DCA) is one of the newest

members in the AIS family. Unlike other AIS, the DCA does

not rely on the pattern matching of antigen, but instead uses

principles from the danger theory [8] to perform ‘context

aware’ anomaly detection. It has the ability to combine

current context of the environment evaluated from multiple

signals with suspect antigen to form the basis of anomaly

detection. In this section, we briefly introduce the funda-

mentals and variations of the DCA.

A. Classical Dendritic Cell Algorithm

The DCA is derived from an abstract model of DC biology

resulting in a population based algorithm, with each agent

represented as a DC. Each cell has the capacity to collect

input signals (PAMP, danger, safe) which can show the

changes of the conditions of the monitored system and

antigens who are responsible for the changes. The combina-

tion of the input signals forms cumulative output signals

(CSM, semi-mature, mature) of DCs. The transformation

2012 Fifth International Symposium on Computational Intelligence and Design

978-0-7695-4811-1/12 $26.00 © 2012 IEEE

DOI 10.1109/ISCID.2012.156

19

2012 Fifth International Symposium on Computational Intelligence and Design

978-0-7695-4811-1/12 $26.00 © 2012 IEEE

DOI 10.1109/ISCID.2012.156

18

2012 Fifth International Symposium on Computational Intelligence and Design

978-0-7695-4811-1/12 $26.00 © 2012 IEEE

DOI 10.1109/ISCID.2012.156

18

from input to output signal per cell is performed using a

simple weighted sum as:Oj =∑i=2

i=0 Wij ∗ Si,∀j, where Wis the weight matrix, S is the input signal vector, O is the

output signal vector, i refers to the category of input signal,

j refers to the category of output signal.The weight values

are described in [9].

DC spends time to collect signals and antigens. As the

level of input signal experienced increases, the CSM output

signal (O1) also increases. Once CSM reaches a ‘migration’

threshold, the cell stops signal and antigen collection and

is removed from the population for antigen presentation. In

order to derive a context for the presented antigen, semi-

mature output signal (O2) and mature output signal (O3)

are compared in value. The context is termed as safe if O2

is greater than O3, and vice-versa. To keep the population

static, the cell is replaced by a new one. Each DC is assigned

a different migration threshold value, causing different cells

sampling for different durations and experience different

input signal combinations.

Each antigen is sampled multiple times so that it can

appear in different contexts. In order to identify potentially

malicious antigens, they are tagged with a mature context

antigen coefficient, MAC [2]. The MAC value is calculated

as: MACi = Nmi∑Ag , where i refers to the antigen type, Nmi

refers to the number of mature antigens of type i and∑

Agis the total number of antigens.

B. Antigen Multiplier and Moving Time-Windows

Since the seminal work of Greensmith et al., Gu et al.

enhanced the DCA with two additional features, called

antigen multiplier and moving time-windows.

The DCA requires multiple instances of identical antigens,

termed the ‘antigen type’, so processing across a population

can be performed in order to generate the MCAV for each

antigen type. The concept of antigen multiplier caters for

this requirement. Each antigen is copied multiple times to

feed to multiple DCs. Experimental results show that antigen

multiplier overcome the problem of ‘antigen deficiency’ and

improve the detection accuracy to some extent. However, as

antigen multiplier copies every antigen it meets indifferently,

it may show less resistance to mimicry attacks since the con-

centration of potentially malicious antigens is not increased.

The signals in our body do not die suddenly but fade

slowly over a period of time. This temporal effect of signals

is captured by introducing the concept of moving time-

windows in the DCA . New signals are computed using:

Nij = 1w

∑i+wn=i Onj ,∀j, where Nij is new signal value of

ith antigen of jth category, w is the window size and Onj is

original signal of nth antigen and jth category. New signals

(N ) are the average of old signals (O) in a particular time-

window. Intuitively speaking, averaging of signals reduces

the noise in input signals. But experimental results show that

moving time-windows show little relevance in improving the

detection accuracy.

III. IMMUNOLOGICAL ADJUVANTS

Adjuvants are compounds that enhance the immune re-

sponse against antigens with the word adjuvant coming from

the Latin word adjuvare, which means to help or to enhance

[10]. With the in-depth development of vaccine engineering,

adjuvants are often used in combination with vaccines,

to accelerate, prolong or improve the immune response.

This is because new-generation vaccine antigens are poorly

immunogenic and difficult to induce an effective immune

response when administered alone, even though they offer

advantages such as reduced toxicity compared to traditional

vaccines. Therefore, a great need exists for immunological

adjuvants that can enhance the immunogenicity of weak

antigens and the level of immune responses to them [11].

The mechanisms underlying the adjuvant activity are di-

verse and generally can be categorized as follows according

to five recently proposed concepts of immunogenicity [7]:

1) Danger signal: According to the ‘danger model’ of

the immune response [8], signals from damaged or

stressed cells activate antigen presenting cells (APCs,

the commander of the immune system) and start an

immune response. An adjuvant could be defined as

a danger (-inducing) signal, thereby increasing the

capture and presentation capacities of the APCs.

2) PAMP signal: The recognition of conserved micro-

bial structures, so-called pathogen-associated micro-

bial patterns (PAMP) is a crucial event for APC activa-

tion [12]. By mimicking these microbial structures and

combining with the antigens, adjuvants can stimulate

APC efficiently to recognize these compounds.

3) Costimulatory molecules: According to the danger

model [8], the expression of costimulatory molecules

on APCs is considered essential for efficient antigen

presentation and adaptive immune response. Adjuvants

such as inflammatory cytokines produced by innate

immune cells can regulate the expression of costimu-

latory molecules and influence the APC polarization.

4) Depot effect: the sustained presence of antigens ap-

pears important for immune responses [13]. Antigen

maintenance is effectively established by some adju-

vants that form a deposit of antigens. These adjuvants

give immune systems enough time for recognition and

response through prolong the existence of the antigens

in the body.

5) Antigen transportation: According to the recently

proposed geographical concept of immune reactivity,

antigen that does not reach the draining lymph nodes

is not responded to [14]. Therefore, Increasing attrac-

tion of APCs towards the injection site, increasing

loading of APCs or increasing transport of antigen-

loaded APCs towards the lymph nodes can result in

immunostimulation by adjuvants.

Each adjuvant can play multiple mechanisms. Mechanism

201919

1), 2) and 4) are antigen targeted. They enhance the immuno-

genicity of weak antigens and prolong the period of immune

responses by changing physical properties and increasing the

harmfulness of the antigens. APCs act as a control center in

the immune system and are important media for adjuvants.

Adjuvants with mechanisms 1), 2), 3) and 5) stimulate the

release of signals which are perceived (such as danger and

PAMP signals) or secreted (such as costimulatory signals)

by APCs, and enhance antigen transport abilities of APCs.

IV. ARTIFICIAL ADJUVANTS

The immunogenicity of antigen is its ability to induce

immune response. As a result, antigen with poor immuno-

genicity cannot elicit an efficient immune response. Like-

wise, the enhancement of the ability to evade detection

by AIS can also be considered to be the weakening of

the ‘immunogenicity’ of malware. To solve this problem,

we take inspiration from immunological adjuvant which

can enhance the immune responses to weak antigens, and

propose its counterpart namely artificial adjuvant. Through

its induction effect on antigen and some important signals of

AIS, the artificial adjuvant can improve the stealthy malware

detection performance of AIS.

The concept of artificial adjuvant we propose in this paper

is as follow:

Definition 1: Artificial adjuvant is an AIS component

run with the malware that can enhance or/and accelerate the

response of AIS to the malware. In detail, artificial adjuvant

is a quaternion below:

Arti Adjuvant(O, S, C, T )

• O (Object): O ⊆ {Malware,Detector}∧O �= ∅. It

describes the targets of the artificial adjuvant, namely

malware or AIS detectors or both, and determines

which manner as follows the artificial adjuvant use to

improve the detection performance of AIS:

1) Enhancing the significance of the behavior of

malware, thereby increasing the immunogenicity

of malware.

2) Enhancing AIS detectors’ ability to identify mal-

ware.

• S (Strategy): strategy set S specifies one or more

induction mechanisms used by artificial adjuvant. S ⊆M , and M is the set of induction mechanisms. Inspired

by mechanisms of immunological adjuvant, we propose

following induction mechanisms :

1) Inducing danger signals (I DS): the release of

artificial adjuvant stimulates the generation of

danger signals.

2) Inducing PAMP signals (I PAMPS): the release

of artificial adjuvant stimulates the generation of

PAMP signals.

3) Inducing cytokines (I CYT): the release of

artificial adjuvant stimulates the generation of

cytokines which can enhance or accelerate the

recognition of AIS detectors.

4) Inducing antigens (I AG): the release of artifi-

cial adjuvant increases the activity of antigens to

ensure sustained stimulation to AIS.

• C (Concentration): the concentration of artificial ad-

juvant controls the intensity of induction and maintains

the AIS response in a reasonable range (effectively

identifying malware without much adverse effects). It

is variable in stimulus period.

• T (stimulate Time): the period when artificial adjuvant

takes effect. In this period, artificial adjuvant will

continue affecting malware with poor ‘immunogenicity’

and stimulating AIS to enhance AIS responses.

Because DCs play an important role when immunological

adjuvants take effect, we propose two concrete artificial

adjuvants implementation (namely signal-inducing adjuvant

and danger-amplifying adjuvant) for the DCA which is based

on behavioral models of natural DCs based on the general

model described above. As improvements for the DCA,

these artificial adjuvants can increase the significance of the

behavior of stealthy malware, enhance the DCs’ ability to

sense and process signals, and accelerate the maturation of

the DCs.

A. Signal-Inducing Adjuvant

In the DCA, DCs are sensitive to changes in concentration

of different input signals (PAMP, danger and safe signals)

derived from behavioral attributes of the running programs

on the monitored machine. Therefore, decreasing the con-

centration of input signals becomes an effective way for

malware to evade detection by the DCA. Today’s malware

achieve this goal by working in a stealthy manner, such as

mimicry attacks [3].

The object of signal-inducing adjuvant is stealthy mal-

ware. Inspired by the mechanisms of immunological ad-

juvant, such as ‘danger signal’, ‘PAMP signal’ and ‘de-

pot effect’, the signal-inducing adjuvant can enhance the

‘immunogenicity’ of stealthy malware and stimulate the

generation of danger/PAMP signals persistently.

The strategy of the signal-inducing adjuvant is imple-

mented by continuously generating fake user activity (such

as keystrokes, mouse clicks and network requests). By carry-

ing out this enticement strategy, the signal-inducing adjuvant

triggers the stealthy malware’s action and causes it to fall

into a trap. As a result, the concentration of PAMP or danger

signals will remain in a high level. This can be beneficial

for the DCA to accurately identify the potential presence of

stealthy malware as early as possible. The signal-inducing

adjuvant can be described as follows:

• O = {Malware}• S = {I DS, I PAMPS, I AG}• C = the number of fake user activities generated per

round, C ∈ Z+

212020

• T = the number of round of generating fake user

activities, T ∈ Z+

In the induction process, the stimulate time T controls

the number of rounds of generating fake activities. The

value of this parameter cannot be too small, or the transient

increases in the concentration of PAMP or danger signals

are likely to be ignored by the DCA which has the ability to

noise-tolerance [15]. The adjuvant concentration C controls

the number of fake user activities generated per round.

The bigger the value of C is, the stronger the stimulus

to stealthy malware is, and the more obvious the malware

exhibits its malicious behavior. But in the same time, high

concentration of the signal-inducing adjuvant will cause

more side effects (for example, increasing the load on the

system, interfering with the normal applications or affecting

the normal operations of the uses, etc.).

B. Danger-Amplifying Adjuvant

The DCA performs multi-sensor data fusion on a set

of input signals, and in response produces CSM, mature

and semi-mature output signals. The CSM output signal

determines the timing of the differentiation of the DCs, and

the other two output signals are used to represent the state

to which the DCs differentiate. These three output signals

are subject to the regulation of cytokines.

The object of danger-amplifying adjuvant is AIS de-

tectors; here are the DCs in the DCA. Inspired by the

‘costimulatory molecules’ mechanisms of immunological

adjuvant, the danger-amplifying adjuvant accelerates the

accumulation of the CSM signals by amplifying the effect of

the danger/PAMP signal on the maturation of the DCs. The

danger-amplifying adjuvant can be described as follows:

• O = {Detector}• S = {I CY T}• C = R

+∧

C > 1• T = the maximum time (in seconds) the danger-

amplifying adjuvant takes effect.

Inflammatory cytokines are signals that amplify the effects

of the other input signals [16]. By representing or inducing

this kind of cytokines, danger-amplifying adjuvant amplifies

the effects of PAMP signals and danger signals which stand

for potentially malicious behavior, and accelerates the accu-

mulation of output signals. The output signals in the DCA

are calculated as follows after introducing inflammatory

cytokines:

O = WP ∗ SP ∗ IC + WS ∗ SS + WD ∗ SD ∗ IC (1)

where O is the value of output signals, Sx is the value

of input signals, W is the weight value of input signal to

corresponding output signal, IC is the value of inflammatory

cytokines and it is calculated as follows:

IC ={

C, t < T (2a)

1, t > T (2b)

where C is the concentration of the danger-amplifying

adjuvant, T is the stimulate time of the danger-amplifying

adjuvant, t is the elapse time.

V. CONCLUSION AND FUTURE WORK

The increase in stealth of malware has brought the AIS

many difficulties in malware detection. To solve this prob-

lem, inspired by immunological adjuvant which can enhance

the immune responses to weak antigens, we proposed artifi-

cial adjuvant as an improvement for AIS. Artificial adjuvants

are capable of increasing the ‘immunogenicity’ of stealthy

malware and accelerating the recognition of AIS detectors.

We designed two concrete artificial adjuvants namely signal-

inducing adjuvant and danger-amplifying adjuvant according

to the mechanisms of the DCA. These artificial adjuvants

shed some lights for the DCA on improving the performance

of stealthy malware detection in respect of not only im-

proving the detection rate, but also helping detecting hidden

malware as soon as possible.

For future research, firstly, experiments on the two

artificial adjuvants (signal-inducing adjuvant and danger-

amplifying adjuvant) are needed to evaluate their effects on

enhancing the detection performance of the DCA. Secondly,

further understanding of the mechanisms of immunological

adjuvants can be beneficial to design more biologically plau-

sible and more sophisticated artificial adjuvants. Thirdly, we

will design artificial adjuvants according to the mechanisms

of other AIS other than the DCA to make them more diverse

and more general.

REFERENCES

[1] J. Greensmith, A. Whitbrook, and U. Aickelin, ArtificialImmune Systems. Springer, 2010, ch. 14, pp. 421–448.

[2] Y. Al-Hammadi, U. Aickelin, and J. Greensmith, “Dca forbot detection,” in Proceedings of the IEEE World Congresson Computational Intelligence (WCCI), 2008, pp. 1807–1816.

[3] M. SalmanManzoor, S. Tabish, and M. Farooq, “A senseof ’danger’ for windows processes,” in Proceedings of the8th International Conference of Artificial Immune System(ICARIS 2009), 2009, pp. 220–233.

[4] J. Fu, Y. Liang, C. Tan, and X. Xiong, “Detecting softwarekeyloggers with dendritic cell algorithm,” in Proceedings ofthe 2010 International Conference on Communications andMobile Computing (CMC), 2010, pp. 111–115.

[5] Y. Al-Hammadi, “Behavioural correlation for malicious botdetection,” Ph.D. dissertation, School of Computer Science,University Of Nottingham, 2010.

[6] F. Gu, J. Greensmith, and U. Aickelin, “Further explorationof the dendritic cell algorithm: Antigen multiplier and timewindows,” in Proceedings of the 7th International Conferenceon Artificial Immune Systems (ICARIS 2008), 2008, pp. 142–153.

222121

[7] V. Schijns, “Immunological concepts of vaccine adjuvantactivity,” Current Opinion in Immunology, vol. 12, no. 4, pp.456–463, 2000.

[8] P. Matzinger, “Tolerance, danger, and the extended family,”Annual Review of Immunology, vol. 12, no. 1, pp. 991–1045,1994.

[9] J. Greensmith, “The dendritic cell algorithm,” Ph.D. disserta-tion, School of Computer Science, University of Nottingham,2007.

[10] F. Vogel, “Adjuvants in perspective,” Developments in biolog-ical standardization, vol. 92, pp. 241–248, 1998.

[11] J. Donnelly, “New developments in adjuvants,” Mechanismsof Ageing and Development, vol. 93, no. 1-3, pp. 171–177,1997.

[12] C. Janeway, “Immunogenecity signals 1, 2, 3... and 0,”Immunology Today, vol. 10, no. 9, pp. 283–286, 1989.

[13] J. Freund, J. Casals, and E. Hosmer, “Sensitization andantibody formation after injection of tubercle bacilli andparaffin oil,” Proc Soc Exp Biol Med, vol. 37, no. 3, pp. 509–513, 1937.

[14] R. Zinkernagel, S. Ehl, P. Aichele, S. Oehen, T. Kundig,and H. Hengartner, “Antigen localisation regulates immuneresponses in a dose-and time-dependent fashion: a geograph-ical view of immune reactivity,” Immunological Reviews, vol.156, no. 1, pp. 199–209, 1997.

[15] R. Oates, G. Kendall, and J. Garibaldi, “Classifying in thepresence of uncertainty: A dca perspective,” in Proceedings ofthe 9th International Conference of Artificial Immune System(ICARIS 2010), 2010, pp. 75–87.

[16] J. Greensmith, U. Aickelin, and S. Cayzer, “Introducingdendritic cells as a novel immune-inspired algorithm foranomaly detection,” in Proceedings of the 4th InternationalConference of Artificial Immune System (ICARIS 2005), 2005,pp. 153–167.

232222