Conclusion
To counter the many assaults against the world's complex network of
computers, more proactive, non-reactionary protection schemes need to be
developed. Very few security applications can detect an attack from a
previously unknown assailant. This approach offers the ability to detect the “gene of
self-replication” in any given piece of code.
The reason for choosing the mechanism of self-replication as the detection criterion
is that most non-malicious code has no reason to propagate itself, whereas malicious
code must. Even as virus writers mutate existing code or create new complex code, the
need to spread from host to host remains. Determining the genotype of self-replication
is no simple process, as the applications must be either decoded or watched until
detection. Furthermore, no method of detection is perfect. While this is an attempt to
find all methods of self-replication, there may be new techniques in virus writing that
will thwart this effort.