可发展的恶意软件

Proceedings of the 11th Annual conference on Genetic and evolutionary computation Pub Date : 2009-07-08 DOI:10.1145/1569901.1570111

S. Noreen, Shafaq Murtaza, M. Shafiq, M. Farooq

{"title":"可发展的恶意软件","authors":"S. Noreen, Shafaq Murtaza, M. Shafiq, M. Farooq","doi":"10.1145/1569901.1570111","DOIUrl":null,"url":null,"abstract":"The concept of artificial evolution has been applied to numerous real world applications in different domains. In this paper, we use this concept in the domain of virology to evolve computer viruses. We call this domain as \"Evolvable Malware\". To this end, we propose an evolutionary framework that consists of three modules: (1) a code analyzer that generates a high-level genotype representation of a virus from its machine code, (2) a genetic algorithm that uses the standard selection, cross-over and mutation operators to evolve viruses, and (3) the code generator converts the genotype of a newly evolved virus to its machinelevel code. In this paper, we validate the notion of evolution in viruses on a well-known virus family, called Bagle. The results of our proof-of-concept study show that we have successfully evolved new viruses-previously unknown and known-variants of Bagle-starting from a random population of individuals. To the best of our knowledge, this is the first empirical work on evolution of computer viruses. In future, we want to improve this proof-of-concept framework into a full-blown virus evolution engine.","PeriodicalId":193093,"journal":{"name":"Proceedings of the 11th Annual conference on Genetic and evolutionary computation","volume":"1 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2009-07-08","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"59","resultStr":"{\"title\":\"Evolvable malware\",\"authors\":\"S. Noreen, Shafaq Murtaza, M. Shafiq, M. Farooq\",\"doi\":\"10.1145/1569901.1570111\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"The concept of artificial evolution has been applied to numerous real world applications in different domains. In this paper, we use this concept in the domain of virology to evolve computer viruses. We call this domain as \\\"Evolvable Malware\\\". To this end, we propose an evolutionary framework that consists of three modules: (1) a code analyzer that generates a high-level genotype representation of a virus from its machine code, (2) a genetic algorithm that uses the standard selection, cross-over and mutation operators to evolve viruses, and (3) the code generator converts the genotype of a newly evolved virus to its machinelevel code. In this paper, we validate the notion of evolution in viruses on a well-known virus family, called Bagle. The results of our proof-of-concept study show that we have successfully evolved new viruses-previously unknown and known-variants of Bagle-starting from a random population of individuals. To the best of our knowledge, this is the first empirical work on evolution of computer viruses. In future, we want to improve this proof-of-concept framework into a full-blown virus evolution engine.\",\"PeriodicalId\":193093,\"journal\":{\"name\":\"Proceedings of the 11th Annual conference on Genetic and evolutionary computation\",\"volume\":\"1 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2009-07-08\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"59\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"Proceedings of the 11th Annual conference on Genetic and evolutionary computation\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1145/1569901.1570111\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"Proceedings of the 11th Annual conference on Genetic and evolutionary computation","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1145/1569901.1570111","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 59

摘要

人工进化的概念已经被应用到许多现实世界的不同领域。在本文中，我们在病毒学领域使用这一概念来进化计算机病毒。我们称这个域名为“可进化的恶意软件”。为此，我们提出了一个由三个模块组成的进化框架:(1)从病毒的机器码生成病毒的高级基因型表示的代码分析器，(2)使用标准选择、交叉和突变操作符进化病毒的遗传算法，以及(3)代码生成器将新进化病毒的基因型转换为其机器级代码。在本文中，我们验证了病毒进化的概念在一个著名的病毒家族，称为Bagle。我们的概念验证研究的结果表明，我们已经成功地从随机的个体群体中进化出了新的病毒——以前未知和已知的bagle变体。据我们所知，这是计算机病毒进化的第一次实证研究。在未来，我们希望将这个概念验证框架改进为一个成熟的病毒进化引擎。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

查看原文本刊更多论文

Evolvable malware

The concept of artificial evolution has been applied to numerous real world applications in different domains. In this paper, we use this concept in the domain of virology to evolve computer viruses. We call this domain as "Evolvable Malware". To this end, we propose an evolutionary framework that consists of three modules: (1) a code analyzer that generates a high-level genotype representation of a virus from its machine code, (2) a genetic algorithm that uses the standard selection, cross-over and mutation operators to evolve viruses, and (3) the code generator converts the genotype of a newly evolved virus to its machinelevel code. In this paper, we validate the notion of evolution in viruses on a well-known virus family, called Bagle. The results of our proof-of-concept study show that we have successfully evolved new viruses-previously unknown and known-variants of Bagle-starting from a random population of individuals. To the best of our knowledge, this is the first empirical work on evolution of computer viruses. In future, we want to improve this proof-of-concept framework into a full-blown virus evolution engine.

求助全文

通过发布文献求助，成功后即可免费获取论文全文。去求助

来源期刊

Proceedings of the 11th Annual conference on Genetic and evolutionary computation

自引率

0.00%

发文量