Abstract
We present a novel classification of computer viruses using a formalised notion of reproductive models based on Gibson’s theory of affordances. A computer virus reproduction model consists of: a labelled transition system to represent the states and actions involved in that virus’s reproduction; a notion of entities that are active in the reproductive process, and are present in certain states; a sequence of actions corresponding to the means of reproduction of the virus; and a formalisation of the actions afforded by entities to other entities. Informally, an affordance is an action that one entity allows another to perform. For example, an operating system might afford a computer virus the ability to read data from the disk. We show how computer virus reproduction models can be classified according to whether or not any of their reproductive actions are afforded by other entities. We give examples of reproduction models for three different computer viruses, and show how reproduction model classification can be automated. To demonstrate this we give three examples of how computer viruses can be classified automatically using static and dynamic analysis, and show how classifications can be tailored for different types of anti-virus behaviour monitoring software. Finally, we compare our approach with related work, and give directions for future research.
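The four components listed in the abstract, and classification by afforded reproductive actions, as an added Python example that is not the authors' specification or notation. The class labels `afforded`/`unafforded`, the `tailor` function (one assumed reading of tailoring a classification to what a behaviour monitor observes), and the sample virus, states and entity names are all constructed for illustration.

```python
from dataclasses import dataclass, replace

@dataclass(frozen=True)
class ReproductionModel:
    transitions: frozenset  # labelled transition system: (state, action, state)
    present: dict           # state -> set of entities present in that state
    reproducer: str         # the entity whose reproduction is modelled
    path: tuple             # reproductive path: sequence of LTS transitions
    affords: frozenset      # (provider, action, receiver) triples

def validate(m):
    """Check the path is a connected run of the LTS with the reproducer present."""
    for i, step in enumerate(m.path):
        if step not in m.transitions:
            raise ValueError(f"step {i} is not a transition of the LTS")
        if i and m.path[i - 1][2] != step[0]:
            raise ValueError(f"step {i} does not follow from step {i - 1}")
        if m.reproducer not in m.present.get(step[0], set()):
            raise ValueError(f"reproducer absent from state {step[0]}")

def afforded_actions(m):
    """Map each reproductive action to the other entities that afford it."""
    validate(m)
    found = {}
    for src, action, _ in m.path:
        providers = {p for (p, a, r) in m.affords
                     if a == action and r == m.reproducer
                     and p != m.reproducer and p in m.present[src]}
        if providers:
            found[action] = providers
    return found

def classify(m):
    # Labels are this example's own, not terminology taken from the paper.
    return "afforded" if afforded_actions(m) else "unafforded"

def tailor(m, monitored):
    """Keep only affordances provided by entities a given monitor observes."""
    return replace(m, affords=frozenset(t for t in m.affords if t[0] in monitored))

# Constructed sample: a file infector that relies on the operating system.
PATH = (("s0", "find_host", "s1"), ("s1", "read_self", "s2"), ("s2", "write_copy", "s3"))
MODEL = ReproductionModel(
    transitions=frozenset(PATH),
    present={s: {"virus", "os"} for s in ("s0", "s1", "s2", "s3")},
    reproducer="virus",
    path=PATH,
    affords=frozenset({("os", "find_host", "virus"), ("os", "write_copy", "virus")}),
)

if __name__ == "__main__":
    print(classify(MODEL), afforded_actions(MODEL))
    print(classify(tailor(MODEL, {"network_monitor"})))
```

Under the assumed reading, a monitor that does not observe the `os` entity sees none of this sample's reproductive actions as afforded, so the same virus falls into the other class for that monitor.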
Cite this article
Webster, M., Malcolm, G. Formal affordance-based models of computer virus reproduction. J Comput Virol 4, 289–306 (2008). https://doi.org/10.1007/s11416-007-0079-4
DOI: https://doi.org/10.1007/s11416-007-0079-4