Detecting Malicious Codes by the Presence of Their “Gene of Self-replication”
A high percentage of information attacks are perpetrated by deploying computer viruses and worms, which result in very costly and destructive “epidemics”. Spread of malicious codes is achieved by the built-in ability to self-replicate through the Internet and computer media. Since most legitimate codes do not self-replicate, and the number of ways to achieve self-replication is limited to the order of fifty, the detection of malicious codes could be reduced to the detection of the “gene of self-replication” in the code in question. This paper presents the analysis of the self-replication mechanism of one of the recent computer viruses and discusses the ways to detect the ability of a computer code to self-replicate before execution.
Keywords: Kernel Mode, Malicious Code, Computer Virus, Target Computer, Viral Code