Introducing Adjuvants to Dendritic Cell Algorithm for Stealthy Malware Detection
Jun Fu, Huan Yang
The 28th Research Institute of CETC, Nanjing, China. Email: [email protected], [email protected]
Abstract—The increase in the stealth of malware has brought the Dendritic Cell Algorithm (DCA) many difficulties in malware detection. To solve this problem, in this paper we take inspiration from immunological adjuvants, which enhance the immune response to weak antigens, and propose their counterpart, the artificial adjuvant, as an improvement to the DCA. Artificial adjuvants are capable of increasing the ‘immunogenicity’ of stealthy malware and accelerating the reaction of the dendritic cells (DCs). In this way, they shed some light on how the DCA can improve its performance in stealthy malware detection, not only by improving the detection rate but also by helping to detect hidden malware as soon as possible.
Keywords: Adjuvants; Dendritic Cell Algorithm (DCA); Stealthy Malware; Artificial Immune System (AIS)
I. INTRODUCTION
The Dendritic Cell Algorithm (DCA) is a second-generation Artificial Immune System (AIS) algorithm. It is based on an abstract model of the function of dendritic cells and their ability to discriminate between healthy and infected tissue [1]. As a context-aware anomaly detection algorithm, the DCA performs well in malware detection. Current research with this algorithm [2][3][4][5] has suggested that the DCA shows not only excellent performance in detection rate, but also promise in reducing the number of false positive errors shown by similar systems.
However, as the defenses evolve, so does the malware. The DCA distinguishes between normal and potentially malicious antigens on the basis of the concentration of danger signals they cause and of their neighboring antigens. This feature can be exploited by crafty malware via mimicry attacks (such as blending with normal activities or mimicking normal behavior) to evade detection by the DCA [3]. For example, some stealthy malware communicates with remote servers only when it detects user activity (such as requesting web pages). This reduces both the frequency and the significance of malicious behavior, making the malware less active and more likely to avoid detection by the DCA [5].
In [6], Gu et al. proposed an improvement to the DCA, the antigen multiplier, to overcome the problem of ‘antigen deficiency’. As an additional function of the DCA, the antigen multiplier makes several copies of each individual antigen, which can then be fed to multiple dendritic cells (DCs); the classification decision is averaged over the replicated population. Experimental results showed that the antigen multiplier helped to improve the classification accuracy [3]. But, since the antigen multiplier copies every antigen it meets indiscriminately, it may show less resistance to mimicry attacks, because the concentration of potentially malicious antigens is not increased.
Similar to the DCA's inefficient detection of hidden and inactive malware, the biological immune system (BIS) also responds inefficiently to some antigens. Vaccines made up of inactive foreign proteins often have difficulty stimulating the body to produce an effective immune response. This is because such vaccines are essentially live-attenuated or inactivated pathogens, and thus have poor or no immunogenicity (the ability of an antigen to elicit an immune response). Therefore, they require adjuvants to enhance the immunogenicity of weak antigens and elicit an adequate immune response [7].
In this paper, we imitate the mechanisms of immunological adjuvants and propose the concept of artificial adjuvants in the AIS domain. Because DCs play an important role when immunological adjuvants take effect [7], we design two concrete artificial adjuvants as additional functions for the DCA, namely the signal-inducing adjuvant and the danger-amplifying adjuvant. Like their biological counterparts, they can increase the ‘immunogenicity’ of stealthy malware and enhance the detection capability of the DCA.
II. DENDRITIC CELL ALGORITHM AND ITS VARIATIONS
The Dendritic Cell Algorithm (DCA) is one of the newest members of the AIS family. Unlike other AIS, the DCA does not rely on pattern matching of antigens, but instead uses principles from the danger theory [8] to perform ‘context-aware’ anomaly detection. It combines the current context of the environment, evaluated from multiple signals, with suspect antigens to form the basis of anomaly detection. In this section, we briefly introduce the fundamentals and variations of the DCA.
A. Classical Dendritic Cell Algorithm
The DCA is derived from an abstract model of DC biology, resulting in a population-based algorithm in which each agent is represented as a DC. Each cell has the capacity to collect input signals (PAMP, danger, safe), which reflect changes in the condition of the monitored system, and antigens, which are responsible for those changes. The combination of the input signals forms cumulative output signals (CSM, semi-mature, mature) of the DCs. The transformation from input to output signal per cell is performed using a simple weighted sum, $O_j = \sum_{i=0}^{2} W_{ij} \cdot S_i, \;\forall j$, where $W$ is the weight matrix, $S$ is the input signal vector, $O$ is the output signal vector, $i$ refers to the category of input signal, and $j$ refers to the category of output signal. The weight values are described in [9].
2012 Fifth International Symposium on Computational Intelligence and Design
978-0-7695-4811-1/12 $26.00 © 2012 IEEE
DOI 10.1109/ISCID.2012.156
A DC spends time collecting signals and antigens. As the level of input signal experienced increases, the CSM output signal ($O_1$) also increases. Once CSM reaches a ‘migration’ threshold, the cell stops signal and antigen collection and is removed from the population for antigen presentation. In order to derive a context for the presented antigens, the semi-mature output signal ($O_2$) and the mature output signal ($O_3$) are compared in value. The context is termed safe if $O_2$ is greater than $O_3$, and mature if $O_3$ is greater than $O_2$. To keep the population size static, the migrated cell is replaced by a new one. Each DC is assigned a different migration threshold value, causing different cells to sample for different durations and to experience different input signal combinations.
Each antigen is sampled multiple times so that it can appear in different contexts. In order to identify potentially malicious antigens, they are tagged with a mature context antigen coefficient, MAC [2]. The MAC value is calculated as $MAC_i = \frac{N_{m_i}}{\sum Ag}$, where $i$ refers to the antigen type, $N_{m_i}$ is the number of mature antigens of type $i$ and $\sum Ag$ is the total number of antigens.
B. Antigen Multiplier and Moving Time-Windows
Since the seminal work of Greensmith et al., Gu et al. have enhanced the DCA with two additional features, called the antigen multiplier and moving time-windows.
The DCA requires multiple instances of identical antigens, termed an ‘antigen type’, so that processing across a population can be performed in order to generate the MCAV for each antigen type. The concept of the antigen multiplier caters for this requirement: each antigen is copied multiple times and fed to multiple DCs. Experimental results show that the antigen multiplier overcomes the problem of ‘antigen deficiency’ and improves the detection accuracy to some extent. However, since the antigen multiplier copies every antigen it meets indiscriminately, it may show less resistance to mimicry attacks, because the concentration of potentially malicious antigens is not increased.
The signals in our body do not die suddenly but fade slowly over a period of time. This temporal effect of signals is captured by introducing the concept of moving time-windows in the DCA. New signals are computed using $N_{ij} = \frac{1}{w}\sum_{n=i}^{i+w} O_{nj}, \;\forall j$, where $N_{ij}$ is the new signal value of the $i$th antigen in the $j$th category, $w$ is the window size and $O_{nj}$ is the original signal of the $n$th antigen in the $j$th category. The new signals ($N$) are the average of the old signals ($O$) within a particular time-window. Intuitively, averaging the signals reduces the noise in the input signals. But experimental results show that moving time-windows have little relevance in improving the detection accuracy.
III. IMMUNOLOGICAL ADJUVANTS
Adjuvants are compounds that enhance the immune response against antigens; the word adjuvant comes from the Latin adjuvare, which means to help or to enhance [10]. With the in-depth development of vaccine engineering, adjuvants are often used in combination with vaccines to accelerate, prolong or improve the immune response. This is because new-generation vaccine antigens are poorly immunogenic and have difficulty inducing an effective immune response when administered alone, even though they offer advantages such as reduced toxicity compared to traditional vaccines. Therefore, a great need exists for immunological adjuvants that can enhance the immunogenicity of weak antigens and the level of immune responses to them [11].
The mechanisms underlying adjuvant activity are diverse and can generally be categorized as follows, according to five recently proposed concepts of immunogenicity [7]:
1) Danger signal: According to the ‘danger model’ of the immune response [8], signals from damaged or stressed cells activate antigen presenting cells (APCs, the commanders of the immune system) and start an immune response. An adjuvant could be defined as a danger(-inducing) signal, thereby increasing the capture and presentation capacities of the APCs.
2) PAMP signal: The recognition of conserved microbial structures, so-called pathogen-associated microbial patterns (PAMP), is a crucial event for APC activation [12]. By mimicking these microbial structures and combining with the antigens, adjuvants can efficiently stimulate APCs to recognize these compounds.
3) Costimulatory molecules: According to the danger model [8], the expression of costimulatory molecules on APCs is considered essential for efficient antigen presentation and an adaptive immune response. Adjuvants such as the inflammatory cytokines produced by innate immune cells can regulate the expression of costimulatory molecules and influence APC polarization.
4) Depot effect: The sustained presence of antigens appears important for immune responses [13]. Antigen maintenance is effectively established by some adjuvants that form a deposit of antigens. By prolonging the existence of the antigens in the body, these adjuvants give the immune system enough time for recognition and response.
5) Antigen transportation: According to the recently proposed geographical concept of immune reactivity, antigen that does not reach the draining lymph nodes is not responded to [14]. Therefore, increasing the attraction of APCs towards the injection site, increasing the loading of APCs or increasing the transport of antigen-loaded APCs towards the lymph nodes can result in immunostimulation by adjuvants.
Each adjuvant can act through multiple mechanisms. Mechanisms 1), 2) and 4) are antigen-targeted: they enhance the immunogenicity of weak antigens and prolong the period of immune response by changing the physical properties and increasing the harmfulness of the antigens. APCs act as a control center in the immune system and are important media for adjuvants. Adjuvants with mechanisms 1), 2), 3) and 5) stimulate the release of signals which are perceived (such as danger and PAMP signals) or secreted (such as costimulatory signals) by APCs, and enhance the antigen transport abilities of APCs.
IV. ARTIFICIAL ADJUVANTS
The immunogenicity of an antigen is its ability to induce an immune response; an antigen with poor immunogenicity cannot elicit an efficient immune response. Likewise, an improvement in malware's ability to evade detection by an AIS can be considered a weakening of the ‘immunogenicity’ of the malware. To solve this problem, we take inspiration from immunological adjuvants, which enhance the immune response to weak antigens, and propose their counterpart, the artificial adjuvant. Through its induction effect on antigens and on some important signals of the AIS, the artificial adjuvant can improve the stealthy malware detection performance of the AIS.
The concept of artificial adjuvant we propose in this paper is as follows:
Definition 1: An artificial adjuvant is an AIS component, run alongside the malware, that can enhance and/or accelerate the response of the AIS to the malware. In detail, an artificial adjuvant is the 4-tuple below:
Arti Adjuvant(O, S, C, T)
• O (Object): $O \subseteq \{Malware, Detector\} \wedge O \neq \emptyset$. It describes the targets of the artificial adjuvant, namely malware or AIS detectors or both, and determines which of the following manners the artificial adjuvant uses to improve the detection performance of the AIS:
1) Enhancing the significance of the behavior of malware, thereby increasing the immunogenicity of the malware.
2) Enhancing the AIS detectors’ ability to identify malware.
• S (Strategy): the strategy set S specifies one or more induction mechanisms used by the artificial adjuvant. $S \subseteq M$, where M is the set of induction mechanisms. Inspired by the mechanisms of immunological adjuvants, we propose the following induction mechanisms:
1) Inducing danger signals (I_DS): the release of the artificial adjuvant stimulates the generation of danger signals.
2) Inducing PAMP signals (I_PAMPS): the release of the artificial adjuvant stimulates the generation of PAMP signals.
3) Inducing cytokines (I_CYT): the release of the artificial adjuvant stimulates the generation of cytokines, which can enhance or accelerate the recognition of AIS detectors.
4) Inducing antigens (I_AG): the release of the artificial adjuvant increases the activity of antigens to ensure sustained stimulation of the AIS.
• C (Concentration): the concentration of the artificial adjuvant controls the intensity of induction and maintains the AIS response in a reasonable range (effectively identifying malware without many adverse effects). It may vary over the stimulus period.
• T (stimulate Time): the period during which the artificial adjuvant takes effect. In this period, the artificial adjuvant keeps affecting malware with poor ‘immunogenicity’ and stimulating the AIS to enhance its responses.
Because DCs play an important role when immunological adjuvants take effect, we propose two concrete artificial adjuvant implementations (namely the signal-inducing adjuvant and the danger-amplifying adjuvant) for the DCA, which is based on behavioral models of natural DCs, following the general model described above. As improvements to the DCA, these artificial adjuvants can increase the significance of the behavior of stealthy malware, enhance the DCs’ ability to sense and process signals, and accelerate the maturation of the DCs.
A. Signal-Inducing Adjuvant
In the DCA, DCs are sensitive to changes in the concentration of the different input signals (PAMP, danger and safe signals) derived from behavioral attributes of the programs running on the monitored machine. Therefore, decreasing the concentration of input signals becomes an effective way for malware to evade detection by the DCA. Today’s malware achieves this goal by working in a stealthy manner, for instance through mimicry attacks [3].
The object of the signal-inducing adjuvant is stealthy malware. Inspired by the mechanisms of immunological adjuvants such as ‘danger signal’, ‘PAMP signal’ and ‘depot effect’, the signal-inducing adjuvant can enhance the ‘immunogenicity’ of stealthy malware and stimulate the generation of danger/PAMP signals persistently.
The strategy of the signal-inducing adjuvant is implemented by continuously generating fake user activity (such as keystrokes, mouse clicks and network requests). By carrying out this enticement strategy, the signal-inducing adjuvant triggers the stealthy malware’s action and causes it to fall into a trap. As a result, the concentration of PAMP or danger signals remains at a high level. This helps the DCA to accurately identify the potential presence of stealthy malware as early as possible. The signal-inducing adjuvant can be described as follows:
• O = {Malware}
• S = {I_DS, I_PAMPS, I_AG}
• C = the number of fake user activities generated per round, $C \in \mathbb{Z}^+$
• T = the number of rounds of generating fake user activities, $T \in \mathbb{Z}^+$
In the induction process, the stimulate time T controls the number of rounds of generating fake activities. The value of this parameter cannot be too small, or the transient increases in the concentration of PAMP or danger signals are likely to be ignored by the DCA, which is noise-tolerant [15]. The adjuvant concentration C controls the number of fake user activities generated per round. The bigger the value of C is, the stronger the stimulus to the stealthy malware is, and the more obviously the malware exhibits its malicious behavior. But at the same time, a high concentration of the signal-inducing adjuvant causes more side effects (for example, increasing the load on the system, interfering with normal applications or affecting the normal operations of the users).
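The interaction between the time-window averaging of Section II-B and the stimulate time T of the signal-inducing adjuvant can be made concrete with a short simulation. The following Python example is added here and is not code from the paper: it implements a moving-window smoother in the form of Section II-B's $N_{ij}$ (assuming a window of w samples starting at index i, truncated at the end of the series) and applies it to a constructed danger-signal series in which a stealthy process raises its danger signal only during the rounds in which fake user activity is generated. The signal values 0.8 and 0.05 and the window size are illustrative assumptions.

```python
"""Added example: moving time-window averaging vs. the stimulate time T.
Not code from the paper; window semantics and signal values are assumed."""


def moving_window(values, w):
    """Smoothed series in the spirit of Sec. II-B: N_i is the mean of the
    w samples starting at index i. Assumption: the window holds w samples
    and is truncated at the end of the series (divide by what was summed)."""
    smoothed = []
    for i in range(len(values)):
        chunk = values[i:i + w]
        smoothed.append(sum(chunk) / len(chunk))
    return smoothed


def danger_series(rounds, stimulus_rounds, baseline=0.05, spike=0.8):
    """Constructed danger-signal series: the stealthy process emits `spike`
    only while fake user activity is generated (the first `stimulus_rounds`
    rounds, i.e. T) and `baseline` otherwise. Values are illustrative."""
    return [spike if r < stimulus_rounds else baseline for r in range(rounds)]


def peak_after_smoothing(rounds, stimulus_rounds, w):
    """Largest smoothed danger value the DCA would actually see."""
    return max(moving_window(danger_series(rounds, stimulus_rounds), w))


if __name__ == "__main__":
    # A single round of stimulus is diluted by a window of four samples;
    # a stimulus sustained for w rounds reaches the DCA at full strength.
    for T in (1, 2, 4):
        print(f"T={T}: peak danger after w=4 smoothing = "
              f"{peak_after_smoothing(12, T, 4):.4f}")
```

With a window of four, a single round of stimulus (T = 1) is diluted from 0.8 to 0.2375, whereas four rounds (T = 4) survive the averaging unchanged. This is the quantitative reason the text gives for not choosing T too small: T should cover at least the window length of whatever smoothing the detector applies, or the induced signal is averaged away as noise.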
B. Danger-Amplifying Adjuvant
The DCA performs multi-sensor data fusion on a set of input signals, and in response produces CSM, mature and semi-mature output signals. The CSM output signal determines the timing of the differentiation of the DCs, and the other two output signals represent the state to which the DCs differentiate. These three output signals are subject to the regulation of cytokines.
The object of the danger-amplifying adjuvant is the AIS detectors, which in the DCA are the DCs. Inspired by the ‘costimulatory molecules’ mechanism of immunological adjuvants, the danger-amplifying adjuvant accelerates the accumulation of the CSM signal by amplifying the effect of the danger/PAMP signals on the maturation of the DCs. The danger-amplifying adjuvant can be described as follows:
• O = {Detector}
• S = {I_CYT}
• $C \in \mathbb{R}^+ \wedge C > 1$
• T = the maximum time (in seconds) the danger-amplifying adjuvant takes effect.
Inflammatory cytokines are signals that amplify the effects of the other input signals [16]. By representing or inducing this kind of cytokine, the danger-amplifying adjuvant amplifies the effects of the PAMP and danger signals, which stand for potentially malicious behavior, and accelerates the accumulation of the output signals. After introducing inflammatory cytokines, the output signals in the DCA are calculated as follows:

$$O = W_P \cdot S_P \cdot IC + W_S \cdot S_S + W_D \cdot S_D \cdot IC \quad (1)$$

where $O$ is the value of an output signal, $S_x$ is the value of input signal $x$ (PAMP, safe or danger), $W_x$ is the weight of that input signal for the corresponding output signal, and $IC$ is the value of the inflammatory cytokines, calculated as follows:

$$IC = \begin{cases} C, & t < T \quad (2a) \\ 1, & t > T \quad (2b) \end{cases}$$

where $C$ is the concentration of the danger-amplifying adjuvant, $T$ is the stimulate time of the danger-amplifying adjuvant and $t$ is the elapsed time.
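The signal fusion of Section II-A (weighted sum, migration threshold, context and MAC) and the cytokine amplification of equations (1) and (2) can be put together in one small simulation. The following Python example is added here and is not the paper's code: the weight matrix holds illustrative placeholder values rather than those of [9], the antigen name and signal values are constructed, the behaviour at t = T (left open by equation (2)) is treated as inactive, and MAC is computed per antigen type, the MCAV reading of [2]. It feeds the same stealthy signal stream to a two-cell DC population with and without the danger-amplifying adjuvant and reports when the first cell migrates and which MAC the antigen receives.

```python
"""Added example: DCA signal fusion with the danger-amplifying adjuvant.
Not the paper's code; weights, antigen name and signal values are assumed."""
from dataclasses import dataclass, field

OUTPUTS = ("csm", "semi", "mature")

# Assumed weight matrix W[i][j] (input category i -> output category j).
# Illustrative values only; the paper refers to [9] for the real ones.
WEIGHTS = {
    "PAMP":   {"csm": 2.0, "semi": 0.0, "mature": 2.0},
    "danger": {"csm": 1.0, "semi": 0.0, "mature": 1.0},
    "safe":   {"csm": 2.0, "semi": 1.0, "mature": -1.5},
}


def inflammatory_cytokine(t, C, T):
    """Eq. (2): IC = C while the adjuvant is active (t < T), else 1.
    Assumption: t == T, unspecified in the paper, counts as inactive."""
    return C if t < T else 1.0


def fuse_signals(signals, ic=1.0):
    """Eq. (1) per output category: PAMP and danger terms are scaled by IC,
    the safe term is not. ic=1.0 reduces to the classical weighted sum."""
    return {
        j: (WEIGHTS["PAMP"][j] * signals["PAMP"] * ic
            + WEIGHTS["safe"][j] * signals["safe"]
            + WEIGHTS["danger"][j] * signals["danger"] * ic)
        for j in OUTPUTS
    }


@dataclass
class DendriticCell:
    migration_threshold: float
    csm: float = 0.0
    semi: float = 0.0
    mature: float = 0.0
    antigens: list = field(default_factory=list)

    def sample(self, antigen, signals, ic):
        """Accumulate one observation; True once CSM reaches the threshold."""
        o = fuse_signals(signals, ic)
        self.csm += o["csm"]
        self.semi += o["semi"]
        self.mature += o["mature"]
        self.antigens.append(antigen)
        return self.csm >= self.migration_threshold

    def context(self):
        """Safe if the semi-mature output exceeds the mature output."""
        return "safe" if self.semi > self.mature else "mature"


def run_population(stream, thresholds, C=1.0, T=0):
    """Feed each (antigen, signals) observation to every cell, as the antigen
    multiplier would. A migrating cell presents all antigens it holds with
    its context and is replaced by a fresh cell with the same threshold.
    Returns a list of (antigen, context, step) presentations."""
    cells = [DendriticCell(th) for th in thresholds]
    presentations = []
    for step, (antigen, signals) in enumerate(stream):
        ic = inflammatory_cytokine(step, C, T)
        for idx, cell in enumerate(cells):
            if cell.sample(antigen, signals, ic):
                ctx = cell.context()
                presentations.extend((ag, ctx, step) for ag in cell.antigens)
                cells[idx] = DendriticCell(cell.migration_threshold)
    return presentations


def mature_antigen_coefficient(presentations):
    """MAC per antigen type: mature-context presentations divided by all
    presentations of that type (assumed MCAV reading of Sec. II-A)."""
    counts = {}
    for ag, ctx, _ in presentations:
        total, mature = counts.get(ag, (0, 0))
        counts[ag] = (total + 1, mature + (ctx == "mature"))
    return {ag: mature / total for ag, (total, mature) in counts.items()}


# Constructed stream: a stealthy process keeping its danger/PAMP footprint
# low while blending with a moderate amount of "safe" activity.
STEALTHY = {"PAMP": 0.0, "danger": 0.3, "safe": 0.2}
STREAM = [("svc_update.exe", STEALTHY)] * 10   # constructed antigen name
THRESHOLDS = [3.0, 5.0]


def compare():
    """Run the same stream without and with the adjuvant (C=3, T=100)."""
    plain = run_population(STREAM, THRESHOLDS)
    boosted = run_population(STREAM, THRESHOLDS, C=3.0, T=100)
    return {
        "plain_first_migration": plain[0][2],
        "plain_mac": mature_antigen_coefficient(plain),
        "boosted_first_migration": boosted[0][2],
        "boosted_mac": mature_antigen_coefficient(boosted),
    }


if __name__ == "__main__":
    for name, value in compare().items():
        print(name, value)
```

Without the adjuvant the stealthy stream only produces a CSM of 0.7 per step and a mature output of about zero, so the first cell migrates at step 4 and every presentation is in the safe context (MAC 0). With IC = 3 the same stream yields 1.3 CSM per step and a mature output that outweighs the semi-mature one, so the first migration happens at step 2 and the antigen receives MAC 1: the adjuvant both accelerates maturation and flips the context, which is what Section IV-B claims. Setting T below the stream length lets one watch IC drop back to 1 for later steps.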
V. CONCLUSION AND FUTURE WORK
The increase in the stealth of malware has brought the AIS many difficulties in malware detection. To solve this problem, inspired by immunological adjuvants, which enhance the immune response to weak antigens, we proposed the artificial adjuvant as an improvement to the AIS. Artificial adjuvants are capable of increasing the ‘immunogenicity’ of stealthy malware and accelerating the recognition of AIS detectors. We designed two concrete artificial adjuvants, namely the signal-inducing adjuvant and the danger-amplifying adjuvant, according to the mechanisms of the DCA. These artificial adjuvants shed some light on how the DCA can improve its performance in stealthy malware detection, not only by improving the detection rate but also by helping to detect hidden malware as soon as possible.
For future research, firstly, experiments on the two artificial adjuvants (the signal-inducing adjuvant and the danger-amplifying adjuvant) are needed to evaluate their effects on enhancing the detection performance of the DCA. Secondly, further understanding of the mechanisms of immunological adjuvants can be beneficial for designing more biologically plausible and more sophisticated artificial adjuvants. Thirdly, we will design artificial adjuvants according to the mechanisms of AIS other than the DCA to make them more diverse and more general.
REFERENCES
[1] J. Greensmith, A. Whitbrook, and U. Aickelin, Artificial Immune Systems. Springer, 2010, ch. 14, pp. 421–448.
[2] Y. Al-Hammadi, U. Aickelin, and J. Greensmith, “DCA for bot detection,” in Proceedings of the IEEE World Congress on Computational Intelligence (WCCI), 2008, pp. 1807–1816.
[3] M. Salman Manzoor, S. Tabish, and M. Farooq, “A sense of ‘danger’ for Windows processes,” in Proceedings of the 8th International Conference on Artificial Immune Systems (ICARIS 2009), 2009, pp. 220–233.
[4] J. Fu, Y. Liang, C. Tan, and X. Xiong, “Detecting software keyloggers with dendritic cell algorithm,” in Proceedings of the 2010 International Conference on Communications and Mobile Computing (CMC), 2010, pp. 111–115.
[5] Y. Al-Hammadi, “Behavioural correlation for malicious bot detection,” Ph.D. dissertation, School of Computer Science, University of Nottingham, 2010.
[6] F. Gu, J. Greensmith, and U. Aickelin, “Further exploration of the dendritic cell algorithm: Antigen multiplier and time windows,” in Proceedings of the 7th International Conference on Artificial Immune Systems (ICARIS 2008), 2008, pp. 142–153.
[7] V. Schijns, “Immunological concepts of vaccine adjuvant activity,” Current Opinion in Immunology, vol. 12, no. 4, pp. 456–463, 2000.
[8] P. Matzinger, “Tolerance, danger, and the extended family,” Annual Review of Immunology, vol. 12, no. 1, pp. 991–1045, 1994.
[9] J. Greensmith, “The dendritic cell algorithm,” Ph.D. dissertation, School of Computer Science, University of Nottingham, 2007.
[10] F. Vogel, “Adjuvants in perspective,” Developments in Biological Standardization, vol. 92, pp. 241–248, 1998.
[11] J. Donnelly, “New developments in adjuvants,” Mechanisms of Ageing and Development, vol. 93, no. 1-3, pp. 171–177, 1997.
[12] C. Janeway, “Immunogenecity signals 1, 2, 3... and 0,” Immunology Today, vol. 10, no. 9, pp. 283–286, 1989.
[13] J. Freund, J. Casals, and E. Hosmer, “Sensitization and antibody formation after injection of tubercle bacilli and paraffin oil,” Proc Soc Exp Biol Med, vol. 37, no. 3, pp. 509–513, 1937.
[14] R. Zinkernagel, S. Ehl, P. Aichele, S. Oehen, T. Kundig, and H. Hengartner, “Antigen localisation regulates immune responses in a dose- and time-dependent fashion: a geographical view of immune reactivity,” Immunological Reviews, vol. 156, no. 1, pp. 199–209, 1997.
[15] R. Oates, G. Kendall, and J. Garibaldi, “Classifying in the presence of uncertainty: A DCA perspective,” in Proceedings of the 9th International Conference on Artificial Immune Systems (ICARIS 2010), 2010, pp. 75–87.
[16] J. Greensmith, U. Aickelin, and S. Cayzer, “Introducing dendritic cells as a novel immune-inspired algorithm for anomaly detection,” in Proceedings of the 4th International Conference on Artificial Immune Systems (ICARIS 2005), 2005, pp. 153–167.