A Malicious Code Detection Method Based on Dendritic Cell Algorithm

A malicious code detection method using dendritic cell technology, applied in the field of information security. It addresses problems in the original algorithm such as unreasonable thresholds, DC detection failure, and an overly simple signal model, with the effect of improving detection ability, reducing the false positive rate, and improving accuracy.

Inactive Publication Date: 2016-06-15
NANJING UNIV OF POSTS & TELECOMM

AI Technical Summary

Problems solved by technology

The dendritic cell algorithm (DCA) is abstracted from the function of dendritic cells in the human immune system on the basis of risk theory, and it defines each part of the immune system more clearly. The DCA nevertheless has some limitations. First, the algorithm assumes that the system already knows the type of each input signal; there is little research on how the system determines the signal type, and it is generally assumed that signals are detected and classified by "professional" cells.
Second, a weighted-sum formula is used to model the biological signal conversion mechanism, and the weights used are empirical data. Although this reduces the calculation cost, it is too simple and cannot accurately reflect the fusion of signals.
Third, the DCA randomly assigns a threshold to each DC, and an unreasonable threshold may cause DC detection to fail.
That is, if the threshold is too large, the cumulative CSM (co-stimulatory molecules) value of the DC cannot exceed it, so the DC cannot differentiate.
Conversely, if the threshold is too small, the DC updates too frequently, which increases the computational load.

Embodiment Construction

[0028] The design scheme of the present invention emphasizes detection efficiency and the false positive rate. The former is mainly achieved by effectively reducing the parameters of the original algorithm and simplifying the analysis process while ensuring the correctness of the algorithm. The latter is achieved by building on the original DCA algorithm and introducing concepts such as system state parameters and support vector machines, which solves the problem of signal generation and classification in DCA-based malicious code detection.

[0029] The method is as follows:

[0030] The dendritic cells distributed in the computer monitor the operation of the computer system, and when a new process is detected in the system, the detection program is activated;

[0031] First, the dendritic cell (DC) records the system status parameters during the running of the process at a certain collection frequency, including: memory utilization, CPU utilization, registry values and ...


Abstract

The invention provides a malicious code detection method based on a dendritic cell algorithm. The method mainly improves the dendritic cell algorithm and solves the problem of signal generation and classification when the algorithm is applied to malicious code monitoring. The mature context antigen value (MCAV) is compared with an abnormal threshold value: a process is judged to be illegal when the MCAV is larger than the abnormal threshold value, and legal when the MCAV is smaller than the abnormal threshold value. The method improves the detection efficiency for malicious code, lowers the false positive rate, and enables detection of unknown viruses. Compared with other detection methods, it has the advantage of simulating the working principle of a biological immune system, so it can better solve the problem of malicious code detection.
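A sketch of the classic DCA loop behind the threshold limitation described in the technical summary and the MCAV decision in this abstract. It is an added example, not the patent's improved method or its code; the weights, thresholds, 0-10 signal scale, round-robin sampling and process names are assumptions.

```python
# Classic DCA sketch. Weights, thresholds and signal values are assumed for illustration.
W_CSM, W_SEMI, W_MAT = (2, 1, 2), (0, 0, 3), (2, 1, -3)  # per (PAMP, danger, safe)

def fuse(weights, signals):
    """Weighted-sum signal fusion, the model the text calls too simple."""
    return sum(w * s for w, s in zip(weights, signals))

def run_dca(stream, thresholds):
    """stream: [(pid, (pamp, danger, safe)), ...]; thresholds: one CSM threshold per DC.
    Returns (MCAV per pid, total migrations, number of DCs that never migrated)."""
    cells = [{"thr": t, "csm": 0, "semi": 0, "mat": 0, "ags": [], "n": 0}
             for t in thresholds]
    votes = {}  # pid -> [mature votes, total votes]
    for i, (pid, sig) in enumerate(stream):
        dc = cells[i % len(cells)]      # round-robin sampling keeps the run deterministic
        dc["ags"].append(pid)
        dc["csm"] += fuse(W_CSM, sig)
        dc["semi"] += fuse(W_SEMI, sig)
        dc["mat"] += fuse(W_MAT, sig)
        if dc["csm"] >= dc["thr"]:      # cumulative CSM crossed the threshold: differentiate
            mature = dc["mat"] > dc["semi"]
            for ag in dc["ags"]:        # every sampled antigen gets this DC's context
                v = votes.setdefault(ag, [0, 0])
                v[0] += int(mature)
                v[1] += 1
            dc.update(csm=0, semi=0, mat=0, ags=[], n=dc["n"] + 1)
    mcav = {pid: m / n for pid, (m, n) in votes.items()}
    return mcav, sum(c["n"] for c in cells), sum(c["n"] == 0 for c in cells)

def classify(mcav, anomaly_threshold=0.5):
    """Illegal when MCAV exceeds the anomaly threshold, legal otherwise."""
    return {pid: "illegal" if v > anomaly_threshold else "legal"
            for pid, v in mcav.items()}

# Constructed sample: 40 readings while proc_a runs (mostly safe signal),
# then 40 while proc_b runs (high PAMP and danger signals).
STREAM = [("proc_a", (0, 1, 9))] * 40 + [("proc_b", (8, 9, 1))] * 40

if __name__ == "__main__":
    for name, thr in [("reasonable", [60, 80, 100, 120]),
                      ("too large", [5000] * 4), ("too small", [1] * 4)]:
        mcav, migrations, stuck = run_dca(STREAM, thr)
        print(name, classify(mcav), "migrations:", migrations, "stuck DCs:", stuck)
```

With oversized thresholds no DC ever differentiates, so neither process receives an MCAV at all; with a threshold of 1 every reading triggers a migration.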

Description

Technical field

[0001] The invention proposes a malicious code detection method based on a dendritic cell algorithm, which mainly improves the dendritic cell algorithm and solves the problem of signal generation and classification when the dendritic cell algorithm is used for malicious code monitoring. It belongs to the field of information security.

Background technique

[0002] With the rapid development of communication network technology, the IP-based packet switching network is growing stronger and stronger, bringing rapid changes to the whole society. However, the rapid development of network technology has also brought many security problems. Among them, malicious codes account for the largest proportion of social, economic and military losses. Malicious code is a program or code that spreads from one computer system to another through storage media and networks, and destroys the integrity of the computer system without authorization. It includes computer vir...

Application Information

Patent Type & Authority Patents(China)
IPC IPC(8): G06F21/56
CPC G06F21/562
Inventor 王汝传李鹏戴秋玉徐鹤黄海平肖甫蒋凌云徐佳沙超
Owner NANJING UNIV OF POSTS & TELECOMM