A Constructive Induction Approach to Computer Immunology
AIR FORCE INSTITUTE OF TECHNOLOGY WRIGHT-PATTERSON AFB OH SCHOOL OF ENGINEERING
With the increasing birth rate of new viruses and the rise in interconnectivity and interoperability among computers, the burden of detecting and destroying computer viruses is severe. This research integrated four domains: computer virus detection, human immunology, computer immunology, and an automated form of machine learning called constructive induction. First, a Computer Health System, based on the public health system, was defined to improve the global approach to computer virus protection. Second, a computer immune model, based on the human immune system, was defined to improve the local approach to virus detection. Third, the detection component of this computer immune model was developed, represented by the prototype MERCURY. This model utilized constructive induction, capturing the human immune characteristics of detection, self-adaptation and memory. The results of analyzing MERCURY demonstrate a lack of representational power of computer virus byte patterns using selective induction. Therefore, constructive induction is needed to provide new, potentially powerful, and often necessary representations. However, the results confirmed constructive induction's main deficiency: the explosion in the number of hypotheses generated. The effects of this deficiency can be improved by utilizing key pieces of knowledge to guide construction. Process optimization through statistical techniques provides insight into this knowledge.
- Computer Systems Management and Standards