Journal in Computer Virology

, Volume 6, Issue 2, pp 105–114 | Cite as

A general definition of malware

  • Simon Kramer
  • Julian C. Bradfield
Open Access
Original Paper


We propose a general, formal definition of the concept of malware (malicious software) as a single sentence in the language of a certain modal logic. Our definition is general thanks to its abstract formulation, which, being abstract, is independent of—but nonetheless generally applicable to—the manifold concrete manifestations of malware. From our formulation of malware, we derive equally general and formal definitions of benware (benign software), anti-malware (“antibodies” against malware), and medware (medical software or “medicine” for affected software). We provide theoretical tools and practical techniques for the detection, comparison, and classification of malware and its derivatives. Our general defining principle is causation of (in)correctness.


Modal Logic Atomic Proposition Computer Virus Check Compliance Information Warfare 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.



The first author thanks Jean-Luc Beuchat, Guillaume Bonfante, Johannes Borgström, Rajeev Goré, George Davida, Olga Grinchtein, Ciro Larrazabal, Mircea Marin, Lawrence S. Moss, Prakash Panangaden, Sylvain Pradalier, Daniel Reynaud-Plantey, Vijay Varadharajan, and Matt Webster for delightful discussions.

Open Access

This article is distributed under the terms of the Creative Commons Attribution Noncommercial License which permits any noncommercial use, distribution, and reproduction in any medium, provided the original author(s) and source are credited.


  1. 1.
    Filiol, E., Helenius, M., Zanero, S.: Open problems in virology. J. Comput. Virol. 1(3–4) (2006)Google Scholar
  2. 2.
    Kramer, S., Bradfield, J.C.: A general definition of malware. presented at the Workshop on the Theory of Computer Viruses (2008)Google Scholar
  3. 3.
    Szor P.: The Art and Craft of Computer Virus Research and Defense. Addison-Wesley, Boston (2005)Google Scholar
  4. 4.
    Brunnstein, K.: From antivirus to antimalware software and beyond: another approach to the protection of customers from dysfunctional system behaviour. In: Proceedings of the National Information Systems Security Conference (1999)Google Scholar
  5. 5.
    Virus Encyclopedia.
  6. 6.
    European Expert Group for IT-Security.
  7. 7.
    Information Warfare Monitor.
  8. 8.
    The Information Warfare Site.
  9. 9.
    Clarke E.M. Jr, Grumberg O., Peled D.A.: Model Checking. MIT Press, Cambridge (1999)Google Scholar
  10. 10.
    Bergstra J.A., Ponse A., Smolka S.A.: Handbook of Process Algebra. Elsevier, New York (2001)zbMATHGoogle Scholar
  11. 11.
    Fitting M.: First-Order Logic and Automated Theorem Proving. Springer, New York (1996)zbMATHGoogle Scholar
  12. 12.
    Harrison J.: Handbook of Practical Logic and Automated Reasoning. Cambridge University Press, Cambridge (2009)zbMATHCrossRefGoogle Scholar
  13. 13.
    Necula, G.: Proof-carrying code. In: Proceedings of the ACM Symposium on Principles of Programming Languages (1997)Google Scholar
  14. 14.
    Filiol E.: Les virus informatiques: théorie, pratique et applications, 2nd edn. Springer, France (2009)zbMATHGoogle Scholar
  15. 15.
    Adleman, L.: An abstract theory of computer viruses. In: Proceedings of CRYPTO, vol. 403 of LNCS (1988)Google Scholar
  16. 16.
    Cohen, F.: Computer viruses: Theory and experiments. J. Comput. Secur. 6 (1987)Google Scholar
  17. 17.
    Dowling, W.F.: There are no safe virus tests. Am. Math. Mon. 96(9) (1989)Google Scholar
  18. 18.
    Jacob, G., Debar, H., Filiol, E.: Behavioral detection of malware: from a survey towards an established taxonomy. J. Comput. Virol. 4(3) (2008)Google Scholar
  19. 19.
    Bradfield, J., Stirling, C.: Handbook of Modal Logic, chapter Modal Mu-Calculi. (2007)Google Scholar
  20. 20.
    Alberucci, L., Salipante, V.: On modal  μ-calculus and non-well-founded set theory. J. Philos. Log. 33(4) (2004)Google Scholar
  21. 21.
    Bonfante, G., Kaczmarek, M., Marion, J.-Y.: On abstract computer virology from a recursion theoretic perspective. J. Comput. Virol. 1(3–4) (2006)Google Scholar
  22. 22.
    Fisher, J.A., Henzinger, T.A.: Executable cell biology. Nat. Biotechnol. 25 (2007)Google Scholar
  23. 23.
    Webster, M., Malcolm, G.: Formal affordance-based models of computer virus reproduction. J. Comput. Virol. 4(4) (2008)Google Scholar
  24. 24.
    Weaver, N., Paxson, V., Staniford, S., Cunningham, R.: A taxonomy of computer worms. In Proceedings of the ACM workshop on Rapid malcode (2003)Google Scholar
  25. 25.
    Goranko, V., Otto, M.: Handbook of Modal Logic, chapter Model Theory of Modal Logic. (2007)Google Scholar
  26. 26.
    Dovier, A., Piazza, C., Policriti, A.: An efficient algorithm for computing bisimulation equivalence. Theor. Comput. Sci. 311(1–3) (2004)Google Scholar
  27. 27.
    Salomon D.: Foundations of Computer Security. Springer, Berlin (2006)Google Scholar
  28. 28.
    Lawson, G.: On the trail of the Conficker worm. Computer (2009)Google Scholar
  29. 29.
    Clarke, E., Grumberg, O., Jha, S., Lu, Y., Veith, H.: Counterexample-guided abstraction refinement for symbolic model checking. J. ACM 50(5) (2003)Google Scholar
  30. 30.
    Webster, M., Malcolm, G.: Detection of metamorphic and virtualization-based malware using algebraic specification. J. Comput. Virol. 5(3) (2009)Google Scholar
  31. 31.
    Bonfante, G., Kaczmarek, M., Marion, J.-Y.: Architecture of a morphological malware detector. J. Comput. Virol. 5(3) (2009)Google Scholar
  32. 32.
    Dalla Preda, M., Christodorescu, M., Jha, S.: A semantics-based approach to malware detection. ACM Transactions on Programming Languages and Systems 30(5) (2008)Google Scholar
  33. 33.
    Blackburn, P., van Benthem, J., Wolter, F.: (eds.) Handbook of Modal Logic, Volume 3 of Studies in Logic and Practical Reasoning. Elsevier, Amsterdam (2007)Google Scholar

Copyright information

© The Author(s) 2009

Authors and Affiliations

  1. 1.Ecole Polytechnique and INRIAPalaiseauFrance
  2. 2.University of EdinburghEdinburghUK

Personalised recommendations