The Numerical Differential Method Of Danger Theory In Computer Immune System

Computer immune system is a bionic intelligent computing method which using the characteristics of body’s immune system to solve practical problems. Its main objective is introducing the immune defense mechanism in organism into the information systems to solve the intelligent problems, especially which is about information security.Danger Theory is a new immune theory which was introduced into the computer immunology to overcome the problems of Self-Nonself (SNS) theory, such as high computational complexity and poor detection efficiency. The cause of these problems is that the SNS depends on the division of the "Self" and "Non-self".As the research of danger theory is still in the exploratory stage, many issues such as definition of danger signals and perception of danger state are lack of effective description method. It often dependent on experience, all of these not only reduced the intelligent and self-adaptive of danger theory, but also limited the development and application of it.To overcome these obstacles, this paper established a danger perception system which is based on the idea of change percept danger, and using numerical differential as the formal method. This framework is a simulation of immune system, reflecting the characteristics of self-adaptive, intelligent, and synergy inherent in the immune system. The paper completed the following work:1. This paper started from the essence of immune system which is protecting the body from infringement, achieving the physiological balance and maintain healthy. Based on this idea, this paper formed the thought that dangers originates in imbalance, imbalance due to changes. According to the thought, this paper defined various change factors in information system as danger signals, defined changes of balance status as danger. This thought did not depend on the prior knowledge and artificial experience, made the definition of danger signals and danger becomes more flexible, more intelligent and more in line with the body immune system’s work way.2. Based on the thinking that change bring out danger, this paper learned from the method which described variation of function in mathematics, systematically explained the application of numerical differential in definition of danger signals, analysis of balance, and perception of dangers. Using numerical differential as formalized means this paper established the description and perception system of change and dangers. Under this framework of the system, this paper described and analyzed the various change factors and their mutual relations in the problem space. It also portrayed the balance relations in information systems to determine whether these changes threaten the system security to tracing and locating the sources of dangers.3. Immune system is a multi-level, autonomous, distributed giant system. A variety of cells in the system operated independently and cooperated with each other, all the cells jointed together to achieve defense function. The danger perception system described in this paper simulated the structural features of immune system, created the multilayer structure contains immune body and immune center. In this architecture, immune body act as an independent immune cell, immune center realized the share of danger features and mutual transfer of danger signals. This formation make up the defense loopholes which caused by the differences in the ability of immune bodies. Utilizing swarm intelligence this architecture can achieve the precise positioning and tracking of the source of danger, and also effectively improve the security of the entire network.4. This paper using botnet which has typical latent characteristics as an example to verify the feasibility of this method. The experimental results show that using the introduced method can adaptively generate danger signals without any empirical knowledge. These danger signals are in a certain extent, embodies the characteristics of malicious behaviors. And verified the validity of the danger feature extraction method. Using this method, the danger characteristics can effectively express malicious behaviors, based on the danger characteristics it can improve the detection efficiency of similar malicious.