Detecting Malicious Codes by the Presence of Their “Gene of Self-replication”

  • Victor A. Skormin
  • Douglas H. Summerville
  • James S. Moronski
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 2776)

Abstract

A high percentage of information attacks are perpetrated by deploying computer viruses and worms, which result in very costly and destructive “epidemics”. The spread of malicious codes is achieved by their built-in ability to self-replicate through the Internet and computer media. Since most legitimate codes do not self-replicate, and the number of ways to achieve self-replication is limited to the order of fifty, the detection of malicious codes could be reduced to the detection of the “gene of self-replication” in the code in question. This paper presents an analysis of the self-replication mechanism of one of the recent computer viruses and discusses ways to detect the ability of a computer code to self-replicate before execution.

Keywords

Kernel Mode, Malicious Code, Computer Virus, Target Computer, Viral Code
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.

Copyright information

© Springer-Verlag Berlin Heidelberg 2003

Authors and Affiliations

  • Victor A. Skormin (1)
  • Douglas H. Summerville (1)
  • James S. Moronski (1)
  1. Electrical and Computer Engineering, Watson School, Binghamton University, Binghamton, USA