论文信息 - Formalisation and implementation aspects of K-ary (malicious) codes

Formalisation and implementation aspects of K-ary (malicious) codes

This paper presents a new class of (malicious) codes denoted k-ary codes. Instead of containing the whole instructions composing the program’s action, this type of codes is composed of k distinct parts which constitute a partition of the entire code. Each of these parts contains only a subset of the instructions. When considered alone (e.g. by an antivirus) every part cannot be distinguished from a normal uninfected program while their respective action combined according to different possible modes results in the offensive behaviour. In this paper, we presents a formalisation of this type of codes by means of Boolean functions and give their detailed taxonomy. We first show that classical malware are just a particular instance of this general model then we specifically address the case of k-ary codes. We give some complexity results about their detection based on the interaction between the different parts. As a general result, the detection is proved to be NP-complete.

Eric Filiol | E. Filiol

[1] Éric Filiol. Computer Viruses: from Theory to Applications , 2005 .

[2] Christos H. Papadimitriou,et al. Computational complexity , 1993 .

[3] J. A. Bondy,et al. Basic graph theory: paths and circuits , 1996 .

[4] Diomidis Spinellis,et al. Reliable identification of bounded-length viruses is NP-complete , 2003, IEEE Trans. Inf. Theory.

[5] Fred Cohen,et al. Computer viruses—theory and experiments , 1990 .

[6] Éric Filiol. Techniques de reconstruction en cryptologie et theorie des codes , 2001 .

[7] Helen J. Wang,et al. SubVirt: implementing malware with virtual machines , 2006, 2006 IEEE Symposium on Security and Privacy (S&P'06).

[8] Eric Filiol,et al. Metamorphism, Formal Grammars and Undecidable Code Mutation , 2007 .

[9] Carsten Thomassen,et al. Even Cycles in Directed Graphs , 1985, Eur. J. Comb..

[10] R. Graham,et al. Handbook of Combinatorics , 1995 .

[11] David de Drézigué,et al. In-depth analysis of the viral threats with OpenOffice.org documents , 2006, Journal in Computer Virology.

[12] David S. Johnson,et al. Computers and Intractability: A Guide to the Theory of NP-Completeness , 1978 .

[13] Mingtian Zhou,et al. Some Further Theoretical Results about Computer Viruses , 2004, Comput. J..

[14] Bruce Schneier,et al. Environmental Key Generation Towards Clueless Agents , 1998, Mobile Agents and Security.