Optimising Malware
In this paper, the authors look at ways of fine-tuning the efficacy of malware, i.e. making it speedier and more lethal.
In recent years, malicious software (malware) has become one of the most insidious threats in computer security, having been used, in its various forms, with a high level of success for a myriad of nefarious purposes. However, this is arguably not the result of increased sophistication in malware design or attack strategies, but rather of the increased presence of computers and computer networks within every aspect of society, offering an increased number of services through increasingly complex and vulnerability-ridden software.
In this paper, we address and defend the commonly shared point of view that the worst is very much yet to come. We introduce an aim-oriented performance theory for malware and malware attacks, within which we identify some of the performance criteria for measuring their “goodness” with respect to some of the typical objectives for which they are currently used. We also use the OODA-loop model, a well-known paradigm of command and control borrowed from military doctrine, as a tool for organising (and reasoning about) the behavioural characteristics of malware and orchestrated attacks using it. We then identify and discuss particular areas of malware design and deployment strategy in which very little development has been seen in the past, and that are likely sources of increased future malware threats. Finally, we discuss how standard optimisation techniques could be applied to malware design, in order to allow even moderately equipped malicious actors to quickly converge towards optimal malware attack strategies and tools fine-tuned for the current Internet.
Source: Optimising Malware, José M. Fernandez and Pierre-Marc Bureau.
Update 5 October: Updated the paper link to a newer version, from Pierre-Marc.
September 30, 2006 in malware, papers