replication is present in the computer code of the virus. The function of self-replication can be implemented in many ways. Therefore, there is more than one sequence of operations that can perform this task. Moreover, it is expected that these sequences are dispersed throughout the entire body of the code and cannot be detected as an explicit pattern.
This research is aimed at the development of a methodology that would facilitate detection of the “gene of self-replication” in computer codes. Unlike existing anti-virus software, this methodology could allow preventative protection from previously known and unknown viruses. The feasibility of this task is justified by the following considerations. While self-replication could be achieved in a number of different ways, this number is definitely finite. Detection of these virus sequences is close to the problems of cryptology, which offers a number of successful techniques. The problem has a straightforward analogy, the detection of antigens by the immune system, and this detection mechanism could be modeled and adopted.
2 Types of Information Attacks
Information attacks often come in the form of malicious codes such as Trojan horses, worms, and viruses. These attacks violate the host and lead to compromised integrity, confidentiality, availability of information, and, potentially, administrative control. The main stages of such an attack include implantation of a malicious program into the remote system, execution of the program, and information exchange between the malicious program and outside servers, which results in the spread of the attack, thus infecting and controlling the attacked host and, potentially, the entire network. The particular sequence of such stages depends on the type of the attack.
There are two classifications of such an attack. The first is the implantation of a malicious executable file (program) into remote computer systems. These attacks include implantation and consequent execution of a malicious program in the target system. In addition to rendering the attacked computer useless, malicious programs have a built-in self-replication function that results in the potential dissemination of the program over the entire community of users and the entire network. Such a malicious program could be activated from a remote terminal or by the initiation of legitimate software that is installed on the target computer.
The second is the implantation of a malicious script or program text into remote computer systems. This type of attack has only one feature that makes it different from the above: it requires that some auxiliary software, such as a script interpreter or a translator for a particular programming language (e.g., Java, VBScript), be installed on the target computer.
Analysis of attacks using malicious codes indicates that the attack objectives cannot be fully achieved without dissemination of the malicious code over the entire community of users, hosts, and potentially the entire network. The attackers skillfully utilize the target computer, before rendering it useless, to expand the attack to include as many computers as possible.
The process of self-replication is common to all viruses. The specific implementation mechanisms vary from virus to virus, but the fundamental process is the same. A virus must make a copy of itself, which it uses to infect other files or systems. The copy may be an exact replica of the original or it may be slightly modified in an at-