DOI: 10.1145/1569901.1570111
Research article

Evolvable malware

Published: 08 July 2009

Abstract

The concept of artificial evolution has been applied to numerous real-world applications in different domains. In this paper, we use this concept in the domain of virology to evolve computer viruses. We call this domain "Evolvable Malware". To this end, we propose an evolutionary framework that consists of three modules: (1) a code analyzer that generates a high-level genotype representation of a virus from its machine code, (2) a genetic algorithm that uses the standard selection, cross-over and mutation operators to evolve viruses, and (3) a code generator that converts the genotype of a newly evolved virus to its machine-level code. In this paper, we validate the notion of evolution in viruses on a well-known virus family, called Bagle. The results of our proof-of-concept study show that we have successfully evolved new viruses (previously unknown and known variants of Bagle) starting from a random population of individuals. To the best of our knowledge, this is the first empirical work on the evolution of computer viruses. In the future, we want to improve this proof-of-concept framework into a full-blown virus evolution engine.


Published In

GECCO '09: Proceedings of the 11th Annual conference on Genetic and evolutionary computation
July 2009
2036 pages
ISBN:9781605583259
DOI:10.1145/1569901
Publisher

Association for Computing Machinery

New York, NY, United States


Author Tags

  1. artificial evolution
  2. computer virus
  3. genetic algorithm

Qualifiers

  • Research-article

Conference

GECCO09: Genetic and Evolutionary Computation Conference
July 8 - 12, 2009
Québec, Montreal, Canada

Acceptance Rates

Overall Acceptance Rate 1,669 of 4,410 submissions, 38%

Article Metrics

  • Downloads (Last 12 months): 28
  • Downloads (Last 6 weeks): 5
Reflects downloads up to 03 Oct 2024

Cited By

  • (2023) YAMME: a YAra-byte-signatures Metamorphic Mutation Engine. IEEE Transactions on Information Forensics and Security 18 (4530-4545). DOI: 10.1109/TIFS.2023.3294059. Online publication date: 2023
  • (2023) A Survey of strategy-driven evasion methods for PE malware: Transformation, concealment, and attack. Computers & Security (103595). DOI: 10.1016/j.cose.2023.103595. Online publication date: Nov-2023
  • (2023) Game-theoretic approach to epidemic modeling of countermeasures against future malware evolution. Computer Communications 206 (160-171). DOI: 10.1016/j.comcom.2023.05.001. Online publication date: Jun-2023
  • (2022) Adapting novelty towards generating antigens for antivirus systems. Proceedings of the Genetic and Evolutionary Computation Conference (1254-1262). DOI: 10.1145/3512290.3528693. Online publication date: 8-Jul-2022
  • (2021) Malware Generation with Specific Behaviors to Improve Machine Learning-based Detection. 2021 IEEE International Conference on Big Data (Big Data) (2160-2169). DOI: 10.1109/BigData52589.2021.9671886. Online publication date: 15-Dec-2021
  • (2021) Evolutionary Computation in Social Propagation over Complex Networks: A Survey. International Journal of Automation and Computing 18:4 (503-520). DOI: 10.1007/s11633-021-1302-3. Online publication date: 1-Aug-2021
  • (2020) Finding Effective Security Strategies through Reinforcement Learning and Self-Play. 2020 16th International Conference on Network and Service Management (CNSM) (1-9). DOI: 10.23919/CNSM50824.2020.9269092. Online publication date: 2-Nov-2020
  • (2020) A Conceptual Direction on Automatically Evolving Computer Malware using Genetic and Evolutionary Algorithms. 2020 International Conference on Inventive Computation Technologies (ICICT) (226-229). DOI: 10.1109/ICICT48043.2020.9112509. Online publication date: Feb-2020
  • (2020) Neural Swarm Virus. Swarm, Evolutionary, and Memetic Computing and Fuzzy and Neural Computing (122-134). DOI: 10.1007/978-3-030-37838-7_12. Online publication date: 3-Jan-2020
  • (2019) AIMED: Evolving Malware with Genetic Programming to Evade Detection. 2019 18th IEEE International Conference On Trust, Security And Privacy In Computing And Communications/13th IEEE International Conference On Big Data Science And Engineering (TrustCom/BigDataSE) (240-247). DOI: 10.1109/TrustCom/BigDataSE.2019.00040. Online publication date: Aug-2019
