Abstract
We propose a general, formal definition of the concept of malware (malicious software) as a single sentence in the language of a certain modal logic. Our definition is general thanks to its abstract formulation, which, being abstract, is independent of—but nonetheless generally applicable to—the manifold concrete manifestations of malware. From our formulation of malware, we derive equally general and formal definitions of benware (benign software), anti-malware (“antibodies” against malware), and medware (medical software or “medicine” for affected software). We provide theoretical tools and practical techniques for the detection, comparison, and classification of malware and its derivatives. Our general defining principle is causation of (in)correctness.
Acknowledgments
The first author thanks Jean-Luc Beuchat, Guillaume Bonfante, Johannes Borgström, Rajeev Goré, George Davida, Olga Grinchtein, Ciro Larrazabal, Mircea Marin, Lawrence S. Moss, Prakash Panangaden, Sylvain Pradalier, Daniel Reynaud-Plantey, Vijay Varadharajan, and Matt Webster for delightful discussions.
Open Access
This article is distributed under the terms of the Creative Commons Attribution Noncommercial License which permits any noncommercial use, distribution, and reproduction in any medium, provided the original author(s) and source are credited.
Additional information
Simon Kramer’s contribution was initiated in the Comète group at Ecole Polytechnique and INRIA (France), and completed under Grant P 08742 from the Japan Society for the Promotion of Science in the Laboratory of Cryptography and Information Security at the University of Tsukuba (Japan). Guillaume Bonfante and Jean-Yves Marion, LORIA, Nancy, France have been invited as guest editors for this paper.
Rights and permissions
Open Access This is an open access article distributed under the terms of the Creative Commons Attribution Noncommercial License (https://creativecommons.org/licenses/by-nc/2.0), which permits any noncommercial use, distribution, and reproduction in any medium, provided the original author(s) and source are credited.
About this article
Cite this article
Kramer, S., Bradfield, J.C. A general definition of malware. J Comput Virol 6, 105–114 (2010). https://doi.org/10.1007/s11416-009-0137-1
DOI: https://doi.org/10.1007/s11416-009-0137-1