International Journal of EmergingTrends & Technology in Computer Science(IJETTCS)

Web Site: www.ijettcs.org Email: editor@ijettcs.org, editorijettcs@gmail.com

Volume 3, Issue 2, March April 2014 ISSN 2278-6856


Volume 3, Issue 2 March April 2014 Page 68


Abstract: As computer viruses accumulate intelligence and
continuously change their signature, they simulate the act of
biological viruses. Based on the biological immunity system,
this paper aims to implement an algorithm that utilizes the
concept of artificial immune system in the computer viruses
field. The virus evolution concept achieved by the biological
clonal selection process is incorporated in an algorithm that
anticipates computer virus evolution and works to detect any
virus signature modification prior to eliminate it. This
algorithm is based on CLONALG algorithm and will be
termed computer virus clonal detection CVCD algorithm.
Preliminary experimental calculations were promising and
resulted into detection rate of over 95%, however, more
investigation is underway to improve the detection process
and get satisfactory results.

Keywords: CLONALG, Clonal Selection Algorithm,
Artificial Immune System; Anti-Virus programs,
Computer Virus.

1. INTRODUCTION
A computer virus simply can be defined as a program that
makes copies of itself using a host computer besides many
annoying purposes ranges from consuming excess of
memory space, showing some funny and peculiar actions
up to resulting into serious temporary or permanent
damage to the system [1]. To complete its action,
computer virus life cycle passes through three distinct
stages; enters the host system and locates a receptive
home, reproduces itself within the system, and gets
activated to perform the task for which it was designed.
Malicious code is any code that adds changes or removes
parts from a software system in order to intentionally
cause harm or subvert the intended function. To stop or
remove computer viruses, lots of efforts has been spent in
developing antivirus software, which are the concern in
this paper.

The typical antivirus approach consists of the following
steps; waiting for a number of computers to be infected,
detecting the virus, designing a solution, and delivering
and deploying the solution as summarized in fig 1.
In such situation, it is extremely difficult to prevent every
machine from being compromised by virus [2]. Moreover,
detection methods using antivirus inherently experiences
serious and fatal drawbacks as they are only effective
against known viruses but not evolutionary or new
viruses, tend to take a noticeable amount of time to scan a
system or networks for the patterns, and require frequent
virus pattern database updates.

Fig (1) Typical antivirus approach

2. ARTIFICIAL IMMUNE SYSTEMS
Artificial Immune systems are the new technique based
on the metaphoric concept of the biological inspired
computation that relies on the experimental knowledge of
the vertebrate immune system [3, 4]. It is one of the
biological processes to destroy or prevent the disease in
the body. The immune system is known to be adaptive in
terms of function and all the features are used for solving
problems faced in the field of artificial intelligence.
Basically an immune system has the following properties.
1) Detection: Identification takes place in an immune
system when the infective fragment and sensory receptor
on lymph cell surface is bonded chemically.
2) Diversity: Identification in an immune system is
related to non-self bodies of the organism, thus the
immune system has a number of sensory receptor, out of
which some of the lymph cells will react with the foreign
organism.
3) Learning: An immune system has the capability of
detecting and eliminating the foreign organism as soon as
possible from the human body. This principle allows the
lymphocytes to find out and adjust themselves to specific
foreign protein structure. It is done by the B-cells.
4) Tolerance: The particles which mark themselves as self
bodies are contained in the chromosomal section [5].

3. CLONAL SELECTION THEORY AND
ALGORITHM
3.1 Clonal Selection Theory
The basic function of biological immune system is to
prevent and/or eradicate infections. It identifies foreign
entities and responds to protect the body from their harm.
Immunity can be classified into two types; innate that
mediates initial infection (represented by the skin and
physiological conditions) and acquired which develops
more slowly and mediates the later, even more effective,
defense against infections. The clonal selection theory
which is proposed by Burnet [6] was inspired by the
acquired immunity and it diversifies the antibodies to
shield the organs from disease attack. This theory is used
to explain basic response of adaptive immune system to
antigenic stimulus. It establishes the idea that only those
cells capable of recognizing an antigen will proliferate
while other cells are selected against it. Clonal selection
Computer Virus Detection Based on Artificial
Immunity Concept

Hamza A. ali
1
and Duaa Jawad Hussain
2

1
Faculty of Information Technology, Isra University, Queen Alia Airport Road, Amman, J ordan
2
College of Engineering, University of Basrah, Garmet Ali, Basrah, Iraq.
International Journal of EmergingTrends & Technology in Computer Science(IJETTCS)
Web Site: www.ijettcs.org Email: editor@ijettcs.org, editorijettcs@gmail.com
Volume 3, Issue 2, March April 2014 ISSN 2278-6856


Volume 3, Issue 2 March April 2014 Page 69


operates on both B and T cells. B cells, when their
antibodies bind with an antigen, are activated and
differentiated into plasma or memory cells. Prior to
this process, clones of B cells are produced and undergo
somatic hyper mutation. As a result, diversity is
introduced into the B cell population. Plasma cells
produce antigen-specific antibodies that work against
antigen [7].

3.2 The Clonal Selection Algorithm
The main computational mechanisms for the clonal
selection algorithm proposed by de Castro & Von Zuben
[8] are selection and mutation. This algorithm mimics
biological immune system in its operation and these two
mechanisms were fulfilled by the property of relating the
proliferation and mutation rates for cells to their affinity.
They named this algorithm as CLONALG with an
illustrating block diagram as shown in fig. 2. Therefore,
the clonal selection algorithm is a general-purpose
artificial immune algorithm, based on the clonal selection
theory in the human immune system. It is capable of
solving problems in various areas of research such as
pattern-recognition, machine-learning and optimization
[8].

Fig 2. Block diagram of CLONALG [8].

CLONALG is a recursive algorithm that starts with
initialization process where an initial random population
of antibodies (Abs) is created. Then the affinity for each
antigen (Ag) is calculated, Cloning is performed to select
number n of Abs (those with highest affinity, where
number of clones is related to the affinity), these clones
are mutated and their affinities are recalculated next.
Then, a certain number of clones that have the highest
affinity are re-selected to be added to the antibodies
population (Abs) in order to replace those with lowest
affinity.

4. RELATED WORKS
As stated by Burnet [6], the clonal selection theory is a
general purpose artificial immune one capable of solving
problems in various areas of research such as pattern
recognition, machine learning and optimization. Castro
and Zuben [8] proposed the CLONALG algorithm for
learning and optimization. It generates a population of N
antibodies; each specifies a random solution for the
optimization process. During each iteration, few
antibodies with highest fitness are selected, cloned and
mutated in order to construct a new candidate population.
Then Castro and Timmis [3] work in 2002 introduced
AIS as computational intelligence paradigm to perform
pattern recognition. They reviewed three classes of
artificial immune system algorithms to perform pattern
recognition; namely clonal selection, negative selection,
and immune network models. Clonal selection algorithm
learnt to recognize patterns through an evolutionary like
procedure.
In 2005, Brownlee J. work [9] focused on the CLONALG
algorithm, specifically the techniques history, previous
research and algorithm function. In addition, this work
borrowed some desirable elements from CLONALG
implementations and devised and tested a clonal selection
based classification algorithm, CSCA.
Li L. et.al. in 2005 [10] proposed clonal selection theory
which is used in security optimization. The selection
operators are used for finding quick and accurate optimal
solution.
Campels et. al. in 2005 [11] proposed a Real-Coded
Clonal Selection Algorithm (RCSA) for electromagnetic
design optimization. It suggests some modifications to the
clonal selection algorithm to enable the treatment of real
valued variables for optimization problems.
Cutello et. al. in 2005 [12] an immunological algorithm is
introduced for continuous global optimization problems
named OPT-IA. The main feature of the proposed
algorithm was cloning operator that explores the
neighborhood at each point within the search space and
the inversely proportional hyper mutation operator used
in the algorithm. Besides, the aging operator is used to
remove the oldest candidate solution from the current
populations in order to introduce diversity and avoid local
minima during the search process.
Also, based on the concept of Immunodominance and
Antibody Clonal Selection JIAO L. et. al. in 2005 [13]
proposed a new artificial immune system algorithm,
Immune Dominance Clonal Multi-objective Algorithm
(IDCMA).
Gao X.Z. et. al. in 2008 [14] propose a novel optimization
scheme: CSADE. Differential evaluation DE is
employed to improve the affinities of the clones of the
antibodies (Abs) in the Clonal selection algorithm.
Mara C. R. et. al. in 2010 [15] introduced a new
parameter control strategy for CLONALG in order to
control the population size of clones according to the
problem at hand. Afaneh S. in 2010 [16] proposed virus
detection clonal algorithm using AIS with genetic
algorithm.
Chan F. et. al. in 2013 [17] proposed an Artificial
Immune System based approach for anomaly based
network intrusion detection system.

International Journal of EmergingTrends & Technology in Computer Science(IJETTCS)
Web Site: www.ijettcs.org Email: editor@ijettcs.org, editorijettcs@gmail.com
Volume 3, Issue 2, March April 2014 ISSN 2278-6856


Volume 3, Issue 2 March April 2014 Page 70


5. THE CVCD ALGORITHM
An algorithm that implements the clonal selection
concept which is inspired by the principles of CLONALG
is adopted in this work. It is a virus clonal selection
prototype algorithm that aims to detect and eliminate
computer viruses and will be referred to as computer virus
clonal detection (CVCD) algorithm. The designing and
implementation of this algorithm was done under the
concept of the artificial immune system that simulates
biological immunity system action. It consists of the
following main activities; cloning, mutation and
reselection. It is illustrated in the road map shown in fig
3.
The algorithm starts with the set of viruses and their
signatures that were available which were downloaded
from VX Heaven website. The algorithm invokes the
process by creating virus clones first and infects some
already selected benign files with these virus clones.
Various file piles were arranged that have combinations
of different percentage of benign and infected files. These
piles were then used for testing the algorithm for virus
identification and elimination using the proposed CVCD
algorithm.

5.1 Creation of data
A program is written in MALAB to perform the proposed
CVCD algorithm whose road map is shown in fig 3. A
data base of viruses and uninfected files is first prepared.
They are organized in two pile sets; file pile set that
consists of file_name and file_content of benign files and
virus set that consists of virus name (V_name) and
signature (V_sig). Any field is addressed by simply using
the notation virus_file.name or virus_file.sig,
respectively. This structure is saved in a file named
virus_file.mat. It can be loaded using the command load
virus_file.mat. Any field can be addressed afterward by
its index for example; virus_file (3).v_name means the
third name, i.e. third row of the virus list. This virus file
will be used only at the commencement of algorithm
execution as it will be updated in later generations.
Similarly, the file pile sets is also created as a data base
structure in the same manner as the virus set.
Copies of benign files were infected with viruses from the
updated virus list, then five piles of data sets are prepared,
each set consists of 40 program files, each with different
percentage of benign and infected files. In this prototype,
the percentage of infected files was 0, 25, 50 75 and
100%. This data set is used in the learning and testing
phase of the CVCD algorithm.

5.2 The program
After loading the virus pile set, all parameters that will be
used in this program are initialized. These parameters are
the selected number of copies in each virus clone
(multiplication Factor) f, size of virus file N, hyper
mutation probability Pm (0 to 1), fitness multiplication
factor (value taken is 10), and generation limit
adopted Gen_limit.
The program then proceeds with the following steps
which include virus cloning, sorting, mutation, adjusting
fitness, loading and matching the files and finally
reselecting viruses, as shown in the following steps:
i. Load virus file: The virus set is loaded first, and a
fitness factor F is randomly generated for each virus
within a certain range, and then viruses with highest
fitness were selected. The range of the fitness may be
selected freely.

ii. Initialization: Parameters; f, N, Pm, , and Gen_limit
are initialized.
Note: values given to these parameters are decided
according to programming convenience. However, this
paper will list results of CVCD algorithm investigation
for the following two cases:
Case 1; Gen =1, f =0.2 & Pm=0.6, and
Case 2; Gen=5 then f =0.5 & Pm=0.8.





















Fig 3. Road map of the VCSA

iii. Cloning: Cloning process is done only to a convenient
portion of the virus file, in order not to have large number
of viruses resulting into long time of execution. Therefore
only half of the virus file pile is cloned. This is achieved
by sorting the fitness in descending order and choosing
the upper half that has the highest fitness as they are
more likely to spread. The number of clones was chosen
as a fraction of the number of viruses, where number of
clones =f *N.

iv. Mutation: A random changes to one character in the
virus signature is made. This was achieved by generating
random vector M, whose value is decided according to the
value of a generated random number, RD which is
between 0 & 1. Mutation occurs if RD is greater than a
pre-defined permutation probability factor (Pm),
i- Load virus file:
l oad ( ' vi r us_f i l e. mat ' ) ;
ii- Initialization:
f =0. 2;
Pm=0. 6;
Del t a=10;
Gen_l i mi t =1;
Gen=0;
whi l e Gen < Gen_l i mi t
N=si ze( vi r us_dat a, 1) ;
Hal f _Num= f l oor ( N/ 2) ;
I t er _i t ems=f *N;
iii- Cloning:
Pop_Tab = cr eat e_pop
( vi r us_dat a, Hal f _Num, I t er _i t ems) ;
Sor t i ng:
Pop_Tab= sor t o( Pop_Tab) ;
iv- Mutation:
NPop_Tab= mut e( Pop_Tab, Pm) ;
v- Adjusting fitness
Pop_Fi t =Fi t assess( NPop_Tab) ;
vi- Loading and matching
l oad ( ' f i l e_pool . mat ' ) ;
Fi l o=f i l e_pool ;
Pop_Fi t Fi l =Fi t AssFi l es( Pop_Fi t , Fi l o, Del t a)
vii- Reselection
vi r us_dat a =appendPop( Pop_Fi t Fi l , vi r us_dat a) ;
Gen=Gen+1;
end
save ' newvi r us_f i l e. mat ' vi r us_dat a

International Journal of EmergingTrends & Technology in Computer Science(IJETTCS)
Web Site: www.ijettcs.org Email: editor@ijettcs.org, editorijettcs@gmail.com
Volume 3, Issue 2, March April 2014 ISSN 2278-6856


Volume 3, Issue 2 March April 2014 Page 71


otherwise no mutation occurs (V=1: mutation occur, V=0:
no mutation).

v. Adjusting fitness: Fitness will change if there is
mutation; therefore, a vector is randomly generated to
all virus clones with values that adjust the fitness if there
is a mutation. Parameter has the values -1, 0, or 1.
Hence, the fitness either increment, decrement or stay
unchanged, i.e. the adjusted fitness F* is be calculated by:

F* = F+ . . . . . . . (1)

vi. Loading and matching: The file piles of the created
data sets will be used here. One file pile will be loaded
each time. Each file pile under consideration is loaded,
and then matched with the virus signature of the current
virus file set (i.e. the update virus file set). It must be
noted that different file pools contain different
percentages of infected and benign files.

Once a match for a virus is found, the virus fitness is
adjusted by adding a pre-selected value called ( is
chosen to have a reasonable high value in order to give
the detection process higher weight than mutation
process), therefore the final fitness FF is calculated as:

FF=F*+ if match occurs, else FF=F* . . . (2)

vii. Reselection: Let FF
n
be the fitness of each virus
normalized to the maximum final fitness value for all
viruses. Then if FF
n
is >, then this virus is selected in a
new list otherwise it is ignored. Where is a pre-defined
threshold which is randomly generated in the range of 0.6
to 1 according to the following equation:

=0.6+rand ( )*(1-0.6) . . . . (3)

The selected viruses is sorted in descending order
according to the final fitness and only a limited number of
them, namely those with the highest fitness will be
reselected and added to update the virus file set which
will be used in the next iteration. This process is adopted
in order to limit the number of viruses in the virus list.

6. IMPLEMENTATION
In order to limit the viruses' population to a reasonable
number in the experiment under consideration, only half
of the initial virus population list is considered (those
with highest fitness). The initial fitness F is randomly
generated in the range 5 to 100. Hence, the number of
clones for each virus is created which is a fraction f of N.
For example if N =20 for the first generation and f =0.2
then number of clones =f *N =4 clones. After each
generation only limited number of new clones with
highest fitness is selected and added to the virus list, (it
was 10 clones in this work). Table 1 displays the selected
10 viruses for cloning, together with their signatures and
initial fitness. Hence, the creation of 4 clones for each
virus will result into 40 viruses, as shown in table 2.

Table 1. The selected initial virus list




















Table 2. The initial list of four clones for each virus.


























Now the virus signatures of table 2 are mutated according
to the process illustrated in section 4.2.iv. Mutation
occurs when V = 1, therefore a modification factor
(either 1, 0 or -1) is generated and added to the clone
fitness after each iteration by equation 1. At this point,
the prepared data files are loaded to the program and each
file is matched with the virus signature list. When a
SN
1

2

3

4

5

6

7

8

9

10
Virus name
Backdoor.DOS.Spy
dor.13';
'Backdoor.FreeBSD
.Rooter.a';
'Backdoor.J S.Agent
.a';
'Backdoor.MySQL.
Blobdll.a';
'Backdoor.PHP.By
Pass.a';
'Backdoor.PHP.NF
Mshell.c';
'Constructor.Multi.
Viplus';
'Constructor.Perl.D
AV.a';
'Constructor.Perl.M
achd.a';
'Email-Flooder.
BAT.Prob.10';
Virus signature
'ca6cb8bd15d5dd21a0c889434fbdb36928d67f9375f459d0d
b0861e7867449234ad2d60d 11990';
'140a8885d33d86830c12cb421f31d8a29bbe80abdf629ae8eb
697ad8fcb18d76fafe7791 5092';
'ba01fb17ed3ed17cdd1942bec9723cf3f96ab8f3f8785129356
fa1387381d5b85572df4e7277';
'92340d558ad812643c9887a77789c1ab1316d02876c6785f0
8fe2dcc444ae130f423415581301';
'638bc43a0adc97d703d52e6407fd0ce28b68b274eaa8f44d948
6e4603aebea6790c9a5ad 36303';
'acdbba993a5a4186fd864c5e4ea0ba4f192ed9aed35b46a073c
34071a5a6823af1f82a1f 122250';
'54758e9813d0cfd998f551116f3ca82914342c53f93949e216c0
fcf9022c1c82d8b54a4c 4720';
'90182adc91ea436308b8ccc3a777e10c4781805eb6c7d23a932
73c255ba87ea7853921249839';
'9367d81a2ee78d6b607a783e8d386df58f6673380eb8fc3f4e8
54abc2ce4fd87f571b78d 5976';
'92140da56ed9087e4d9e0bcb897c60ef56e746f9bf35b3d98fe
e685cc275e6c55f74bc021466';
Fitness
81

90

16

91

64

13

30

56

95

96
SN
1

2

3

4

5

6

7

8
.
.

37

38

39

40
Virus name
Backdoor.DOS.
Spydor.13';






'Backdoor.Free
BSD.Rooter.a'



.
.



'Email-Flooder.
BAT.Prob.10';
Virus signature
'ca6cb8bd15d5dd21a0c889434fbdb36928d67f9375f459d0db0861
e7867449234ad2d60d 11990';
'ca6cb8bd15d5dd21a0c889434fbdb36928d67f9375f459d0db0861
e7867449234ad2d60d 11990';
'ca6cb8bd15d5dd21a0c889434fbdb36928d67f9375f459d0db0861
e7867449234ad2d60d 11990';
'ca6cb8bd15d5dd21a0c889434fbdb36928d67f9375f459d0db0861
e7867449234ad2d60d 11990';
'140a8885d33d86830c12cb421f31d8a29bbe80abdf629ae8eb697ad
8fcb18d76fafe7791 5092';
'140a8885d33d86830c12cb421f31d8a29bbe80abdf629ae8eb697ad
8fcb18d76fafe7791 5092';
'140a8885d33d86830c12cb421f31d8a29bbe80abdf629ae8eb697ad
8fcb18d76fafe7791 5092';
'140a8885d33d86830c12cb421f31d8a29bbe80abdf629ae8eb697ad
8fcb18d76fafe7791 5092';
.
.
'92140da56ed9087e4d9e0bcb897c60ef56e746f9bf35b3d98fee685c
c275e6c55f74bc021466';
'92140da56ed9087e4d9e0bcb897c60ef56e746f9bf35b3d98fee685c
c275e6c55f74bc021466';
'92140da56ed9087e4d9e0bcb897c60ef56e746f9bf35b3d98fee685c
c275e6c55f74bc021466';
'92140da56ed9087e4d9e0bcb897c60ef56e746f9bf35b3d98fee685c
c275e6c55f74bc021466';
Fitness
81

81

81

81

90

90

90

90
.
.

96

96

96

96

International Journal of EmergingTrends & Technology in Computer Science(IJETTCS)
Web Site: www.ijettcs.org Email: editor@ijettcs.org, editorijettcs@gmail.com
Volume 3, Issue 2, March April 2014 ISSN 2278-6856


Volume 3, Issue 2 March April 2014 Page 72


match occurs, the fitness is modifies with a certain value
called according to equation 2, otherwise it stays
unchanged. The value of may be chosen suitably large
in order to distinguish infected files clearly.
Finally, after each iteration, the maximum fitness of the
obtained virus list is determined and normalized to this
maximum value for all elements. This value is compared
with a predetermined threshold value determined by
equation 3 in order to decide whether to add this clone to
the virus list for the next generation or ignore it.

7. RESULTS AND DISCUSSION
Various values for the used parameter combinations;
namely f, N, Pm, , and number of generations were
experimented with for the CVCD algorithm, however the
results for one representative combination will be sown
here, namely for Gen=5, f=0.5 and Pm=0.8. This study
will be carried for the five file piles under consideration.
The percentages of infected files in these piles were taken
for five cases as 0%, 25%, 50%, 75% and 100%. The
calculated final fitness by the CVCD algorithm is plotted
against the initial fitness for these file piles as shown in
fig 4. Any spike in the fitness curves means a detection of
file infection.
An example of tables showing the values for the involved
parameters in this research; initial fitness F, modifying
parameters V, , and the final fitness FF for the viruses
under consideration for one case is included illustrated in
table 3. It is for the case of number of generation =5,
multiplication factor f =0.5 and mutation probability Pm
=0.8.






Fig 4. Fitness calculations for different virus infection
percentages (keeping Gen=5, f=0.5 and Pm=0.8).

Table 3. The parameters variations for the case of 50%
infected files, (Gen=5, f=0.5 and Pm=0.8)













No
1
2
3
4
5
.
.
675
676
F
99
99
98
98
98
.
.
4
4
V
99
99
98
98
98
.
.
4
4

0
-1
1
-1
0
.
.
-1
0
F*
99
98
99
97
98
.
.
3
4

0
0
0
0
10
.
.
0
0
FF
99
98
99
97
108
.
.
3
4
International Journal of EmergingTrends & Technology in Computer Science(IJETTCS)
Web Site: www.ijettcs.org Email: editor@ijettcs.org, editorijettcs@gmail.com
Volume 3, Issue 2, March April 2014 ISSN 2278-6856


Volume 3, Issue 2 March April 2014 Page 73


After the run of the CVCD algorithm for each file pile,
the algorithm finds that few viruses have normalized
fitness more than the threshold value and therefore these
clones will be added to the virus list for next generation.
For example, in the case shown here, the number of
added clones in the different generation varies and the
updated virus list becomes 31, 35, 46, 49 and 49,
respectively. It must be noted also that there might be no
virus addition to the virus list in case all normalized
fitness values were below threshold.

Finally, CVCD algorithm is run for different number of
generation for certain values of other parameters (Pm and
f) would give a fair comparison for virus detection. The
detection rate may be calculated as the ratio of number of
detected virus signature to the number of infected files
Calculating the virus detection rate for different number
of generations using Pm=0.6 and f =0.2 for the file piles
under consideration, the results obtained are listed in
table 4 for Gen =1, 5 and 20 generations. It can be seen
clearly that the detection rate improves as the number of
generations increases. The optimum value of the
detection rate would be 100% which means that the
algorithm detects all virus clones correctly, however this
is rarely applicable because of the randomness of the
mutation process.

It can be added that some False Positive cases are possible
and clearly detected in the conducted experiments.

Table 4 Detection rate calculation














It must be noted here that each iteration adds up new
virus clones to the virus list and it is referred to as
generation. The number of added clones in the reselection
process for each generation may vary from one run to
another and from a set of selected parameters to another.
This is due to nature of cloning process.

8. CONCLUSIONS
The CVCD algorithm of this paper is based on
CLONALG concept that was originally developed by
Castro and Zuben and employed for detection of computer
viruses. It is stemmed from the fact that computer viruses
might experience mutation in a manner similar to
biological viruses. Therefore, it designed to look for
expected virus clones in the computer programs in order
to identify and eliminate.
The algorithm involves a lot of parameters such as virus
fitness, number of virus generations, number of infected
files considered, mutation probability and the number of
clones for each virus considered. However, it strongly
relies on clone fitness value for detection.
Moreover, CVCD algorithm has ability to assist in
creating new virus clones in order to build and expand
virus data base with expected or anticipated viruses that
might be created in the future. This is achieved by the
mutation process.
It is found that the virus detection rate improves as the
number of generations increased as expected. The results
obtained for detection and elimination of virus clones
were satisfactory to the researcher concern.

References
[1] Filiol E., Computer viruses: from theory to
applications, Springer-Verlag France 2005.
[2] Essam, Iqbal H. Jebriland B. Zaqaibeh, Computer
Virus Strategies and Detection Methods, Int. J.
Open Problems Compt. Math., vol. 1, no. 2,
September 2008.
[3] Castro L. and Timmis J., Artificial Immune
Systems: A Novel Paradigm to Pattern Recognition,
University of Paisley, UK, PP 67-84, 2002.
[4] Leandro N. de Castro and Jonathan Timmis,
Artificial Immune Systems: A New Computational
Intelligence Approach, New York: Springer,
London, 2002.
[5] Schmidt J.R., Immune System for Virus Detection
and Elimination, IMM-THESIS-2002-08-31, PP 18.
[6] Burnet F.M., The Clonal Selection Theory of
Acquired Immunity, Cambridge University Press,
1959.
[7] U.S. Department of Hearlth and Human Services
National Institute of Health, Understanding the
Immune System How It works, National Institute of
Allergy and Infectious Diseases National Cancer
Institute, NIH Publication No. 03-5423, September
2003.
[8] Castro L. de and Zuben F., Learning and
Optimization Using the Clonal Selection Principle
IEEE Transactions on Evolutionary Computation,
vol. 6, no. 3, PP 239-251, 2002.
[9] Brownlee J., Clonal Selection Theory &
CLONALG, The Clonal Selection Classification
Algorithm (CSCA), Centre for Intelligent Systems
and Complex Processes (CISCP) Faculty of
Information & Communication Technologies (ICT)
Swinburne, University of Technology (SUT), January
2005.
[10] Li L., Gong T., Guo C. and Gong X., Improving
Clonal Selection Algorithm in Security
Optimization, Engineering Research Center of
percentage of
infected files
Detection rate (%), Pm =0.6 , f =0.2
Gen =1 Gen =5 Gen =20
0 100 100 100
25 80 85 88
50 70 77 85.5
75 53.3 60.3 80
100 35 45 69.5
Average 67.66 73.46 84.6
International Journal of EmergingTrends & Technology in Computer Science(IJETTCS)
Web Site: www.ijettcs.org Email: editor@ijettcs.org, editorijettcs@gmail.com
Volume 3, Issue 2, March April 2014 ISSN 2278-6856


Volume 3, Issue 2 March April 2014 Page 74


Digitized Textile & Fashion Technology, Ministry of
Education, Donghua University, Shanghai 201620,
China.
[11] Campelo F., Guimaraes F., Igarashi H.and Ramirez
J., A Clonal Selection Algorithm for Optimization
in Electromagnetics. IEEE Transactions on
Magnetics, vol. 41, no. 5, 2005.
[12] Cutello V., Narzisi G., Nicosia G., and Pavone M.,
An Immunological Algorithm for Global Numerical
Optimization, Artificial Evolution: 7th Int.
Conference, Evolution Artificielle, Lille, France,
Springer, LNCS 3871:284-295, October 26-28,
2005..
[13] JIAO L., GONG M., SHANG R., DU H., and LU B.,
Clonal Selection with Immune Dominance and
Anergy Based Multiobjective Optimization. 3rd
international conference on Evolutionary Muti-
Criteria Optimization, Guanajuato, Mexico 9-11
March 2005, P474-489.
[14] Gao X.Z. , X. Wang and S.J. Ovaska, Fusion of
clonal selection algorithm and differential evolution
method in training cascadecorrelation neural
network, 5 April 2008.
[15] Riff1 M., Montero E. and Neveu B., C-Strategy: A
Dynamic Adaptive Strategy for the CLONALG
Algorithm, Springer-Verlag Berlin Heidelberg, PP
4155, 2010.
[16] Afaneh S., Virus Detection and Elimination using
Artificial Immune System with Genetic Algorithm,
PhD. Thesis, College of Computer Science and
Informatics, Amman Arab University, Jordan, 2010.
[17] Chan F., Prakash A., R.K. Tibrewal, and M.K.
Tiwari, Clonal Selection Approach for Network
Intrusion Detection, rd International Conference on
Intelligent Computational Systems (ICICS'2013),
Singapore, April 29-30, 2013.


AUTHOR
Hamza A. Ali is currently a professor at the
College of Engineering, University of Basrah,
(Iraq). He got his B.Sc.in 1968 fromBasrah
University, M.Sc. and Ph.D. in 1973 and 1977
respectively, from The University of London, UK. He
worked as associate professor at various universities such
as Basrah University (Iraq), Zarqa University and Isra
University (Jordan), visiting professor at University of
Aizu (Japan). His research interests include Cryptography,
Cryptography, Information and Computer Network
Security, Artificial Intelligence and Neural Networks.

Duaa Jawad Hussain is currently an M.Sc.
student at the College of Engineering,
University of Basrah, Iraq. She is expected to
get M.Sc. degree in April 2014. She received
her B.Sc. degree in Computer Engineering from the same
university in 2010. Her main interest is in Artificial
Intelligence, Information Security and Computer Viruses
detection and elimination.