Research on Automatic Program Protection Technology Based on Immune Principles
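Abstract
Since computer viruses first appeared, they have caused enormous harm to personal computer systems and network security. As the range of computer applications expands further, the number of computer viruses has surged, and viruses have been continuously evolving and developing rapidly. At present, most anti-virus software can effectively prevent known viruses but cannot prevent unknown viruses well. As a result, protection comes only after a virus has struck: defense is always passive, lags behind the development of virus attack techniques, and cannot fundamentally solve the problem of protecting user resources on a computer.
     The problems encountered in computer virus detection are very similar to those faced by the biological immune system, which solves them effectively with a series of immune mechanisms. An artificial immune system that imitates these mechanisms is therefore one direction for solving the problem. This project is carried out against that background: it draws on the basic principles of the biological immune system and applies artificial immune techniques to anti-virus research.
     The main work of the thesis includes:
     1. The latest developments in computer viruses are studied, the problems of traditional virus detection techniques are analyzed, and the basic principles of computer immunity and the current state of research on computer virus immune systems are described.
     2. Traditional anti-virus techniques are combined with computer immune principles to propose a scheme for an automatic program protection system based on immune principles. The functions and target characteristics the system should have are identified, and the overall structure of the automatic program protection system is designed. The system uses a layered structure with three layers of defense, has multiple immune properties, and can prevent all kinds of known and unknown viruses, protecting the integrity of resources on the computer.
     3. The key techniques used in the program protection system are studied, specifically the construction of the Self set and the Nonself set, the construction of detectors and the detection matching algorithm, and the construction of the detector set. The focus is on the construction of a Self set that supports recovery of the original data, and a new method for constructing the detector set is proposed. A Self set that supports recovery of the original data is of great significance for protecting small-scale program systems such as industrial field control. The new detector set construction method greatly reduces the storage space complexity of the detectors and lowers the computational complexity of "Nonself" detection, so it can be applied well in practical program protection systems.
     Finally, the thesis summarizes the research work of this project and looks ahead to the next stage of work.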
The appearance of computer viruses has caused huge damage to personal computer systems and network security. With the expansion of computer applications to new areas, the number of viruses has been increasing rapidly, and viruses have been evolving and developing fast. So far, most anti-virus software can protect against known viruses effectively; however, it can hardly guard against unknown viruses. The result is that protection always comes after the damage caused by a virus. The protection is always passive and lags behind the development of virus attack techniques. This is not a good solution to the problem of protecting computer resources.
     The problems in computer virus detection are similar to those in the biological immune system, whose immune mechanisms have solved them effectively. Simulating the biological immune system in a computer artificial immune system is one of the ways to solve the problem. This research applies the principles of the biological immune system to anti-virus investigation via an artificial immune system.
     This thesis includes the following:
     1. The most recent developments in computer viruses are investigated. Problems in traditional virus detection techniques are analyzed. The principles of artificial immune systems are explained and the present state of the research is described.
     2. A program automatic protection system is proposed, based on immune principles and traditional anti-virus techniques. The functionalities and features of the system are indicated, and the overall architecture of the system is designed. The system has a layered structure with three layers of defense. It has multiple immune properties and is capable of preventing known and unknown viruses, protecting the integrity of resources on the computer.
     3. The key techniques in the program protection system are investigated, which include the construction of the Self set and Nonself set, the construction of detectors and the matching algorithm, and the construction techniques for the detector set. Emphasis is put on the construction of a Self set that supports the recovery of original data, and a new construction method for the detector set is proposed. Such a Self set is of significant importance in the protection of small-scale program systems such as industrial worksite control. The new detector set construction method greatly decreases the storage space complexity of the detectors. It also decreases the computing complexity of "Nonself" detection. This can be well applied to practical program protection systems.
     At the end, the thesis summarizes the work and looks ahead to future research.
