[Figure 7.2 diagram boxes: Detect anomaly; Scan for known viruses; Remove virus; Capture samples using decoys; Send signals to neighbor machines; Segregate code/data; Algorithmic virus analysis; Extract signature(s); Add removal info to database; Add signature(s) to databases]
Figure 7.2
Flow diagram shows Kephart's approach in virus detection.
Finally, the signature and the repair program are stored in an archive of the
anti-virus database, and the updated (new) version needs to be distributed to the
customers (Figure 7.2).
In another work, Lamont et al. (1999) proposed a computer virus immune
system (CVIS), which uses a hierarchical intelligent agent architecture for
identifying, attacking, and eradicating viruses from computers and networks.
Particularly, coordination among intelligent agents is accomplished at three
levels: local, network, and global. The functions of agents at each level are
shown in Figure 7.3. For example, an agent at the local level monitors an
individual computer (or node) for potential viruses, where each node uses a
decoy program as described earlier (Kephart, 1994). Agents at the network level
keep track of viruses in network traffic and inform the local level, whereas
agents at the global level are involved in generating and adapting
virus-fighting resources.
An automated detection and response system for identifying malicious
self-propagating code and stopping its spread, called Cooperative Automated worm
Response and Detection ImmuNe Algorithm (CARDINAL), was proposed by
Kim et al. (2005). This method was based on the concepts of differentiation states
of T cells. Particularly, three key properties of T cells have been identified: T cell
proliferation to optimize the number of peer hosts polled, T cell differentiation to
 