Skip to main content

Table 1 Parameters used for AIS and mAIS development

From: An artificial immunity approach to malware detection in a mobile platform

Parameter

Model

Description

Value/range

Number of malicious apps

AIS, mAIS

The number of malicious apps in our test set.

5

Number of benign apps

AIS, mAIS

The number of benign apps in our test set

5

Initial detector set

AIS, mAIS

Number of detectors randomly generated

1000

Width of detector

AIS, mAIS

The range for each interval during detector generation

1.0

Tao

AIS, mAIS

Number of standard deviations to add or subtract from the mean when detectors are split

1

rns

AIS, mAIS

The r value for the “non-self” identifying detector set

+GEFeS (1…100)a

−GEFeS (100…200)

rs

mAIS

The r value for the “self” identifying detector set

+GEFeS (1…100)a

−GEFeS (100…200)

Non-self detector set size

AIS, mAIS

The number of non-self mature detectors.

(1…40000)b

Self detector set size

mAIS

The number self mature detectors

(1…40000)b

Number of malicious apps detected

AIS, mAIS

Standard AIS: The number of malicious apps the mature detector set matched.

mAIS: the number of malicious apps our committee machine was able to successfully classify.

(0…5)

Number of benign apps detected

AIS, mAIS

Standard AIS: The number of benign apps the mature detector set did not match.

mAIS: The number of benign apps our committee machine was able to unsuccessfully classify.

(0…5)

Accuracy

AIS, mAIS

Percentage of correctly classified apps.

(0…100%)

True positive rate

AIS, mAIS

Percentage of malicious apps correctly classified as malicious

(0…100%)

True negative rate

AIS, mAIS

Percentage of benign apps correctly classified as benign

(0…100%)

False positive rate

AIS, mAIS

Percentage of classified benign apps incorrectly classified as malicious

(0…100%)

False negative rate

AIS, mAIS

Percentage of malicious apps incorrectly classified as benign

(0…100%)

  1. a+GEFeS denotes a variation that used GEFeS, −GEFeS denotes a variation that does not use GEFeS
  2. bThe maximum number for split detectors is 2 × n × d where n = training set size and d = initial detector set size. Therefore, 2 × 20 × 1000 = 40,000