The ecology of Malware

Crandall, Jedidiah R.; Ensafi, Roya; Forrest, Stephanie; Ladau, Joshua; Shebaro, Bilal

doi:10.1145/1595676.1595692

Cited by 15 publications

(9 citation statements)

References 19 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…For example, [53] is an empirical study of malware evolution. Arguments for employing nature-inspired technologies for cyber security that mention how biological and ecological systems use information to adapt in an unpredictable world include [34,45,60,85,114].…”

Section: Cyber Securitymentioning

confidence: 99%

Adversarial genetic programming for cyber security: a rising application domain where GP matters

O’Reilly¹,

Toutouh²,

Pertierra³

et al. 2020

Genet Program Evolvable Mach

View full text Add to dashboard Cite

Cyber security adversaries and engagements are ubiquitous and ceaseless. We delineate Adversarial Genetic Programming for Cyber Security, a research topic that, by means of genetic programming (GP), replicates and studies the behavior of cyber adversaries and the dynamics of their engagements. Adversarial Genetic Programming for Cyber Security encompasses extant and immediate research efforts in a vital problem domain, arguably occupying a position at the frontier where GP matters. Additionally, it prompts research questions around evolving complex behavior by expressing different abstractions with GP and opportunities to reconnect to the Machine Learning, Artificial Life, Agent-Based Modeling and Cyber Security communities. We present a framework called RIVALS which supports the study of network security arms races. Its goal is to elucidate the dynamics of cyber networks under attack by computationally modeling and simulating them.

show abstract

Section: Cyber Securitymentioning

confidence: 99%

Adversarial genetic programming for cyber security: a rising application domain where GP matters

O’Reilly¹,

Toutouh²,

Pertierra³

et al. 2020

Genet Program Evolvable Mach

View full text Add to dashboard Cite

show abstract

“…Finally, the relationships and interactions between existing malware (so called malware ecology) have been investigated in [6]. Numbers of interactions, both accidental and intentional, between different types of malware were analyzed and the main conclusion was to seek ecologicallyinspired defense techniques, because many ideas from ecology can be directly applied to all aspects of malware defense.…”

Section: Bio-inspired Cybersecurity Inspired By Organisms' Interactionsmentioning

confidence: 99%

Towards a Systematic View on Cybersecurity Ecology

Mazurczyk

Drobniak

Moore

2016

Advanced Sciences and Technologies for Security Applications

View full text Add to dashboard Cite

Current network security systems are progressively showing their limitations. One credible estimate is that only about 45% of new threats are detected. Therefore it is vital to find a new direction that cybersecurity development should follow. We argue that the next generation of cybersecurity systems should seek inspiration in nature. This approach has been used before in the first generation of cybersecurity systems; however, since then cyber threats and environment have evolved significantly, and accordingly the first-generation systems have lost their effectiveness. A next generation of bioinspired cybersecurity research is emerging, but progress is hindered by the lack of a framework for mapping biological security systems to their cyber analogies. In this paper, using terminology and concepts from biology, we describe a cybersecurity ecology and a framework that may be used to systematically research and develop bio-inspired cybersecurity.

show abstract

“…At the same time, the effectiveness of centrally-placed intrusion detection and prevention systems (IDS/IPS), which attempt to discover infected systems and attacks by monitoring the aggregate traffic of many end systems, continues to diminish with the growth in traffic volume, and with the increasing sophistication of malware and the botnets within which they operate [2,13]. Signature-based solutions will always lag behind the deployment of new malware variants and attempts at achieving zero-day detection and prevention of malware have had disappointing results.…”

Section: And Implemented As a Preprocessor Module For The Open Sourcementioning

confidence: 99%

“…Despite some success at take-down [11], it periodically resurfaces. This malware operates within Microsoft Windows* hosts which become infected with the worm through a variety of vectors ranging from port 445 attack to drive-by infection of vulnerable browsers [2]. Infected systems behind firewalls become slave nodes while those with full access to the Internet operate as relay nodes participating in the botnet's C&C relay structure.…”

Section: Detailed Example: Nobot Detection Of the W32waledac Wormmentioning

confidence: 99%

NoBot: Embedded malware detection for endpoint devices

Menten¹,

Chen²,

Stiliadis

2011

Bell Labs Tech. J.

View full text Add to dashboard Cite

and implemented as a preprocessor module for the open source Snort Intrusion detection and prevention System (IDS/IPS). © 2011 Alcatel-Lucentoccasionally become, themselves, the cause of operating system damage and denial of service [6,14]. At the same time, the effectiveness of centrally-placed intrusion detection and prevention systems (IDS/IPS), which attempt to discover infected systems and attacks by monitoring the aggregate traffic of many end systems, continues to diminish with the growth in traffic volume, and with the increasing sophistication of malware and the botnets within which they operate [2,13]. Signature-based solutions will always lag behind the deployment of new malware variants and attempts at achieving zero-day detection and prevention of malware have had disappointing results.Although one can reduce the frequency of attack with firewalls, IDS/IPS, and host-based protections,

show abstract

The ecology of Malware

Cited by 15 publications

References 19 publications

Adversarial genetic programming for cyber security: a rising application domain where GP matters

Adversarial genetic programming for cyber security: a rising application domain where GP matters

Towards a Systematic View on Cybersecurity Ecology

NoBot: Embedded malware detection for endpoint devices

Contact Info

Product

Resources

About