关键词: 危险理论，反向选择，免疫记忆，树突状细胞，T细胞，蠕虫检测

Abstract: As most of existing worm detection methods have a number of significant hurdles to overcome in order to employ such actions as blocking unsecure ports, breaking communication between infected and non-infected hosts to slow down worm propagation and minimize potential damage. The most noteworthy obstacle is the high false positive rate problem. A recently developed hypothesis in immunology, the Danger Theory, states that our immune system responds to the presence of intruders through sensing molecules belonging to those invaders, plus signals generated by the host indicating danger and damage. Inspired by the theory,the paper proposed an artificial immune model for worm detection. The model considers the cooperation of Dendritic Cells (DCs) in the innate immune system and T cells in the adaptive immune system, in which system calls comprising a process generated can be viewed as antigens and the corresponding behavioral information of the system and network can be viewed as signals. The theory analysis shows that the dual detection method of DCs detecting the behavioral information caused by antigens and T cells detecting antigens can decrease false positive rate, and the model also has a fast secondary response to the rcinfection by the same or similar worm.

Key words: Danger theory, Negative selection, Immune memory, Dendritic cells (DCs) , T cells, Worm detection