A general definition of malware


We propose a general, formal definition of the concept of malware (malicious software) as a single sentence in the language of a certain modal logic. Our definition is general thanks to its abstract formulation, which, being abstract, is independent of—but nonetheless generally applicable to—the manifold concrete manifestations of malware. From our formulation of malware, we derive equally general and formal definitions of benware (benign software), anti-malware (“antibodies” against malware), and medware (medical software or “medicine” for affected software). We provide theoretical tools and practical techniques for the detection, comparison, and classification of malware and its derivatives. Our general defining principle is causation of (in)correctness.


  1. 1

    Filiol, E., Helenius, M., Zanero, S.: Open problems in virology. J. Comput. Virol. 1(3–4) (2006)

  2. 2

    Kramer, S., Bradfield, J.C.: A general definition of malware. presented at the Workshop on the Theory of Computer Viruses (2008)

  3. 3

    Szor P.: The Art and Craft of Computer Virus Research and Defense. Addison-Wesley, Boston (2005)

    Google Scholar 

  4. 4

    Brunnstein, K.: From antivirus to antimalware software and beyond: another approach to the protection of customers from dysfunctional system behaviour. In: Proceedings of the National Information Systems Security Conference (1999)

  5. 5

    Virus Encyclopedia. http://www.viruslist.com/

  6. 6

    European Expert Group for IT-Security. http://www.eicar.org/

  7. 7

    Information Warfare Monitor. http://www.infowar-monitor.net/

  8. 8

    The Information Warfare Site. http://www.iwar.org.uk/

  9. 9

    Clarke E.M. Jr, Grumberg O., Peled D.A.: Model Checking. MIT Press, Cambridge (1999)

    Google Scholar 

  10. 10

    Bergstra J.A., Ponse A., Smolka S.A.: Handbook of Process Algebra. Elsevier, New York (2001)

    Google Scholar 

  11. 11

    Fitting M.: First-Order Logic and Automated Theorem Proving. Springer, New York (1996)

    Google Scholar 

  12. 12

    Harrison J.: Handbook of Practical Logic and Automated Reasoning. Cambridge University Press, Cambridge (2009)

    Google Scholar 

  13. 13

    Necula, G.: Proof-carrying code. In: Proceedings of the ACM Symposium on Principles of Programming Languages (1997)

  14. 14

    Filiol E.: Les virus informatiques: théorie, pratique et applications, 2nd edn. Springer, France (2009)

    Google Scholar 

  15. 15

    Adleman, L.: An abstract theory of computer viruses. In: Proceedings of CRYPTO, vol. 403 of LNCS (1988)

  16. 16

    Cohen, F.: Computer viruses: Theory and experiments. J. Comput. Secur. 6 (1987)

  17. 17

    Dowling, W.F.: There are no safe virus tests. Am. Math. Mon. 96(9) (1989)

  18. 18

    Jacob, G., Debar, H., Filiol, E.: Behavioral detection of malware: from a survey towards an established taxonomy. J. Comput. Virol. 4(3) (2008)

  19. 19

    Bradfield, J., Stirling, C.: Handbook of Modal Logic, chapter Modal Mu-Calculi. (2007)

  20. 20

    Alberucci, L., Salipante, V.: On modal  μ-calculus and non-well-founded set theory. J. Philos. Log. 33(4) (2004)

  21. 21

    Bonfante, G., Kaczmarek, M., Marion, J.-Y.: On abstract computer virology from a recursion theoretic perspective. J. Comput. Virol. 1(3–4) (2006)

  22. 22

    Fisher, J.A., Henzinger, T.A.: Executable cell biology. Nat. Biotechnol. 25 (2007)

  23. 23

    Webster, M., Malcolm, G.: Formal affordance-based models of computer virus reproduction. J. Comput. Virol. 4(4) (2008)

  24. 24

    Weaver, N., Paxson, V., Staniford, S., Cunningham, R.: A taxonomy of computer worms. In Proceedings of the ACM workshop on Rapid malcode (2003)

  25. 25

    Goranko, V., Otto, M.: Handbook of Modal Logic, chapter Model Theory of Modal Logic. (2007)

  26. 26

    Dovier, A., Piazza, C., Policriti, A.: An efficient algorithm for computing bisimulation equivalence. Theor. Comput. Sci. 311(1–3) (2004)

  27. 27

    Salomon D.: Foundations of Computer Security. Springer, Berlin (2006)

    Google Scholar 

  28. 28

    Lawson, G.: On the trail of the Conficker worm. Computer (2009)

  29. 29

    Clarke, E., Grumberg, O., Jha, S., Lu, Y., Veith, H.: Counterexample-guided abstraction refinement for symbolic model checking. J. ACM 50(5) (2003)

  30. 30

    Webster, M., Malcolm, G.: Detection of metamorphic and virtualization-based malware using algebraic specification. J. Comput. Virol. 5(3) (2009)

  31. 31

    Bonfante, G., Kaczmarek, M., Marion, J.-Y.: Architecture of a morphological malware detector. J. Comput. Virol. 5(3) (2009)

  32. 32

    Dalla Preda, M., Christodorescu, M., Jha, S.: A semantics-based approach to malware detection. ACM Transactions on Programming Languages and Systems 30(5) (2008)

  33. 33

    Blackburn, P., van Benthem, J., Wolter, F.: (eds.) Handbook of Modal Logic, Volume 3 of Studies in Logic and Practical Reasoning. Elsevier, Amsterdam (2007)

Download references


The first author thanks Jean-Luc Beuchat, Guillaume Bonfante, Johannes Borgström, Rajeev Goré, George Davida, Olga Grinchtein, Ciro Larrazabal, Mircea Marin, Lawrence S. Moss, Prakash Panangaden, Sylvain Pradalier, Daniel Reynaud-Plantey, Vijay Varadharajan, and Matt Webster for delightful discussions.

Open Access

This article is distributed under the terms of the Creative Commons Attribution Noncommercial License which permits any noncommercial use, distribution, and reproduction in any medium, provided the original author(s) and source are credited.

Author information



Corresponding author

Correspondence to Simon Kramer.

Additional information

Simon Kramer’s contribution was initiated in the Comète group at Ecole Polytechnique and INRIA (France), and completed under Grant P 08742 from the Japan Society for the Promotion of Science in the Laboratory of Cryptography and Information Security at the University of Tsukuba (Japan). Guillaume Bonfante and Jean-Yves Marion, LORIA, Nancy, France have been invited as guest editors for this paper.

Rights and permissions

Open Access This is an open access article distributed under the terms of the Creative Commons Attribution Noncommercial License (https://creativecommons.org/licenses/by-nc/2.0), which permits any noncommercial use, distribution, and reproduction in any medium, provided the original author(s) and source are credited.

Reprints and Permissions

About this article

Cite this article

Kramer, S., Bradfield, J.C. A general definition of malware. J Comput Virol 6, 105–114 (2010). https://doi.org/10.1007/s11416-009-0137-1

Download citation


  • Modal Logic
  • Atomic Proposition
  • Computer Virus
  • Check Compliance
  • Information Warfare