TY - GEN
T1 - The ecology of malware
AU - Crandall, Jedidiah R.
AU - Ensafi, Roya
AU - Forrest, Stephanie
AU - Ladau, Joshua
AU - Shebaro, Bilal
PY - 2009
Y1 - 2009
N2 - The fight against malicious software (or malware, which includes everything from worms to viruses to botnets) is often viewed as an "arms race." Conventional wisdom is that we must continually "raise the bar" for the malware creators. However, the multitude of malware has itself evolved into a complex environment, and properties not unlike those of ecological systems have begun to emerge. This may include competition between malware, facilitation, parasitism, predation, and density-dependent population regulation. Ecological principles will likely be useful for understanding the effects of these ecological interactions, for example, carrying capacity, species-time and species-area relationships, the unified neutral theory of biodiversity, and the theory of island biogeography. The emerging malware ecology can be viewed as a critical challenge to all aspects of malware defense, including collection, triage, analysis, intelligence estimates, detection, mitigation, and forensics. It can also be viewed as an opportunity. In this position paper, we argue that taking an ecological approach to malware defense will suggest new defenses. In particular, we can exploit the fact that interactions of malware with its environment, and with other malware, are neither fully predictable nor fully controllable by the malware author - yet the emergent behavior will follow general ecological principles that can be exploited for malware defense.
AB - The fight against malicious software (or malware, which includes everything from worms to viruses to botnets) is often viewed as an "arms race." Conventional wisdom is that we must continually "raise the bar" for the malware creators. However, the multitude of malware has itself evolved into a complex environment, and properties not unlike those of ecological systems have begun to emerge. This may include competition between malware, facilitation, parasitism, predation, and density-dependent population regulation. Ecological principles will likely be useful for understanding the effects of these ecological interactions, for example, carrying capacity, species-time and species-area relationships, the unified neutral theory of biodiversity, and the theory of island biogeography. The emerging malware ecology can be viewed as a critical challenge to all aspects of malware defense, including collection, triage, analysis, intelligence estimates, detection, mitigation, and forensics. It can also be viewed as an opportunity. In this position paper, we argue that taking an ecological approach to malware defense will suggest new defenses. In particular, we can exploit the fact that interactions of malware with its environment, and with other malware, are neither fully predictable nor fully controllable by the malware author - yet the emergent behavior will follow general ecological principles that can be exploited for malware defense.
KW - Botnets
KW - Malware analysis
KW - Malware ecology
KW - Viruses
KW - Worms
UR - http://www.scopus.com/inward/record.url?scp=77950564204&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=77950564204&partnerID=8YFLogxK
U2 - 10.1145/1595676.1595692
DO - 10.1145/1595676.1595692
M3 - Conference contribution
AN - SCOPUS:77950564204
SN - 9781605583419
T3 - Proceedings New Security Paradigms Workshop
SP - 99
EP - 106
BT - Proceedings - New Security Paradigms Workshop 2008, NSPW '08
T2 - New Security Paradigms Workshop 2008, NSPW '08
Y2 - 22 September 2008 through 25 September 2008
ER -