Viruses propagate easily, with economic consequences that are difficult to estimate. Appropriate means of prevention, detection and protection are needed to preserve the integrity and availability of computer systems. The effects of prophylaxis first have to be researched to provide data for choosing appropriate measures in line with the general security policy. Several models of virus propagation borrowed from biology have been developed in the continuous case, and they indicate that segregation controls imposed by file value increase the population density of viruses. This confirms previous experimental results obtained by F. Cohen on personal computers and mainframes.

Uniform virus prevention is highly recommended rather than segregation by file value, which is basically the principle of most centralized packages. Also, the security measures offered by most resource access security systems are not effective against virus infections, which can pass high security levels when they are introduced by trusted users. It is suggested to apply a flexible prevention management program adapted to changes in environment, people and viruses, in keeping with the normal use of information systems, which have to play their economic and strategic roles without losses.

Two perspectives are suggested. The first refers to SRI's real-time Intrusion-Detection Expert System (IDES), based on statistical tests for abnormality that consider deviations from expected behavior. It works for individual users as well as for groups of users or remote hosts. The second proposes the use of neural networks as another technical solution actually available. It should work for such anomaly detection based on segregation by behavior rather than by value.