Artificial Immune Clonal Selection Classification Algorithms for Classifying Malware and Benign Processes Using API Call Sequences

Machine learning is an important field of artificial intelligence in which models are generated by extracting rules and functions from large datasets. Machine learning includes a diversity of methods and algorithms such as decision trees, lazy learning, knearest neighbors, Bayesian methods, Gaussian processes, artificial neural networks, support vector machines, kernel algorithms, and artificial immune systems (AIS). AIS are computation tools that emulate processes and mechanisms of the biological immune system. AIS use the learning, memory, and optimization capabilities of the immune system to develop computational algorithms for function optimization, pattern recognition, novelty detection, and process control, and classification. There are four main sub fields of research that have emerged in AIS cantered on prominent immunological theories; negative selection algorithms, immune network algorithms, danger theory algorithms, and clonal selection algorithms. In this paper, we will analyze API call sequence of a process to classify it as benign or malicious. We have collected API call traces of real malware and benign processes running on Windows operating system. We will employ eight commonly used clonal selection algorithms: AIRS1, AIRS2, AIRS2 Parallel, CLONALG, CSCA, IMMUNOS-1, IMMUNOS -81, and IMMUNOS -99. We evaluate the accuracy of these algorithms for classifying between malware and benign processes using API call sequences.