ABSTRACT
The concept of artificial evolution has been applied to numerous real-world applications in different domains. In this paper, we use this concept in the domain of virology to evolve computer viruses. We call this domain "Evolvable Malware". To this end, we propose an evolutionary framework that consists of three modules: (1) a code analyzer that generates a high-level genotype representation of a virus from its machine code, (2) a genetic algorithm that uses the standard selection, cross-over and mutation operators to evolve viruses, and (3) a code generator that converts the genotype of a newly evolved virus to its machine-level code. In this paper, we validate the notion of evolution in viruses on a well-known virus family, called Bagle. The results of our proof-of-concept study show that we have successfully evolved new viruses (previously unknown and known variants of Bagle) starting from a random population of individuals. To the best of our knowledge, this is the first empirical work on evolution of computer viruses. In the future, we want to improve this proof-of-concept framework into a full-blown virus evolution engine.
Index Terms
- Evolvable malware