The Method of Classified Danger Sensed for Windows Process Intrusion Detection

Once the computer system is intruded, the change from normal to abnormal is a gradual procedure. Setting up a calculating model based on Danger Theory for danger signal during the procedure will improve the accuracy and efficiency of Artificial Immune System (AIS) greatly. In this paper, the method of classified danger sensed (MCDS) for Windows process intrusion detection based on Danger Theory is proposed. This method divides the process's behavior parameters into two types: numeric and non-numeric types, using the function's difference and correlation coefficient to analyze the rule and relevance of numeric parameters' change, and evaluating the degree of danger of non-numeric parameters by analyzing the danger level and Time Relationship(TR) of data. Based on these methods, we establish calculating models of numeric and non-numeric danger signals separately, finally give the definition and calculating method of "Danger Degree".