Abstract
This paper presents a statistical model of the malware detection problem. Where Chess and White (An undetectable computer virus. In: Virus Bulletin Conference, 2000) just partially addressed this issue and gave only existence results, we give here constructive results of undetectable malware. We show that any existing detection techniques can be modelled by one or more statistical tests. Consequently, the concepts of false positive and non detection are precisely defined. The concept of test simulability is then presented and enables us to gives constructive results how undetectable malware could be developped by an attacker. Practical applications of this statistical model are proposed. Finally, we give a statistical variant of Cohen’s undecidability results of virus detection.
This is a preview of subscription content, log in via an institution to check access.
Similar content being viewed by others
References
Aho A.V., Hopcroft J.E. and Ulman J.D. (1974). The Design and Analysis of Computer Algorithms. Addison-Wesley, Reading
Boyer R.S. and et Moore J.S. (1977). A fast string-searching algorithm. Commun ACM 10(20): 762–772
Cohen, F.: Computer viruses. Ph.D. Thesis, University of Southern California, Janvier (1986)
Filiol, E.: Computer Viruses: from Theory to Applications, IRIS International Series, Springer, France. ISBN 2-287-23939-1 (2005)
Filiol, E.: Malware pattern scanning schemes secure against black-box analysis. In: Broucek, V., Turner, P. (eds.) EICAR Conference Best Paper Proceedings, Hamburg, Germany: EICAR. An extended version has been published in the EICAR 2006 Special Issue, J. Comput. Virol. 2(1), pp. 35–50 (2006)
Filiol, E., Jacob, G., Le Liard, M.: Evaluation methodology and theoretical model for antiviral behavioural detection strategies. In: Bonfante, G., Marion, J.-Y. (eds) WTCV’06 Special Issue, J. Comput. Virol. 3(1) (2007)
Filiol, E.: Techniques virales avancées, IRIS Series, Springer, France. An English translation is pending (due mid 2007) (2007)
Chess, D.M., White, S.R.: An undetectable computer virus. In: Virus Bulletin Conference (2000)
Karp, R.M., et Rabin, M.O.: Efficient Randomized Pattern-Matching Algorithms, Technical report TR-31-81. Ayken Computation Laboratory, Harvard University (1981)
Knuth D.E., Morris J.H. and Pratt V.R. (1977). Fast pattern-matching in strings. SIAM J. Comput. 2(6): 323–350
Schmall, M.: Heuristische Viruserkennung. Diplom Thesis, Universität Hamburg (1998)
Schmall, M.: Classification and identification of malicious code based on heuristic techniques utilizing Meta languages. Ph.D. Thesis, University of Hamburg (2003)
Yoo I. and Ultes-Nitsche U. (2006). Non-signature-based virus detection: towards establishing unknown virus detection technique using SOM. J. Comput. Virol. 3(2): 163–186
Author information
Authors and Affiliations
Corresponding author
Rights and permissions
About this article
Cite this article
Filiol, E., Josse, S. A statistical model for undecidable viral detection. J Comput Virol 3, 65–74 (2007). https://doi.org/10.1007/s11416-007-0041-5
Received:
Revised:
Accepted:
Published:
Issue Date:
DOI: https://doi.org/10.1007/s11416-007-0041-5