COMPUTER SCIENCE
2009, Issue 12, pp. 119-123 (5 pages)
Keywords: Danger theory; Negative selection; Immune memory; Dendritic cells (DCs); T cells; Worm detection
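Most existing worm detection methods aim to minimize damage by slowing worm propagation through measures such as closing insecure ports and cutting off communication between infected and uninfected hosts. In practice, many obstacles must be overcome when applying these methods, the greatest of which is a high rate of erroneous detections. This paper applies the DC (dendritic cell)-T cell cooperation mechanism from the immunological Danger Theory to worm detection, where DCs are cells of the innate immune system and T cells are cells of the adaptive immune system. The model treats the system call sequences triggered by worm processes as antigens, and the host and network anomalies caused by worm infection as danger signals. In the model, DCs collect and detect danger signals and present the antigens associated with those signals to T-cell detectors, which examine the antigen structure. Theoretical analysis shows that this dual detection approach can reduce both the false positive rate and the false negative rate, and that the use of memory T-cell detectors lets the system respond more quickly to reinfection by similar worms.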
Most existing worm detection methods have a number of significant hurdles to overcome in order to employ such actions as blocking insecure ports and breaking communication between infected and non-infected hosts to slow down worm propagation and minimize potential damage. The most noteworthy obstacle is the high false positive rate. A recently developed hypothesis in immunology, the Danger Theory, states that our immune system responds to the presence of intruders through sensing molecules belonging to those invaders, plus signals generated by the host indicating danger and damage. Inspired by the theory, the paper proposes an artificial immune model for worm detection. The model considers the cooperation of Dendritic Cells (DCs) in the innate immune system and T cells in the adaptive immune system, in which the system calls generated by a process are viewed as antigens and the corresponding behavioral information of the system and network is viewed as signals. Theoretical analysis shows that the dual detection method, with DCs detecting the behavioral information caused by antigens and T cells detecting the antigens, can decrease the false positive rate, and the model also has a fast secondary response to reinfection by the same or a similar worm.