Friday, September 08, 2006

Benchmarking and Optimising Malware

With the growth and diversity of today's malware, performance criteria for malicious code are a relatively neglected topic of interest, but that shouldn't be the case, as "the enemy you know is better than the enemy you don't know". As information warfare and malware often intersect for the purpose of balancing asymmetric forces, or conducting espionage, there are already research initiatives for multi-platform, multi-communication-environment code.
José M. Fernandez and Pierre-Marc Bureau constructively raise awareness of how "the best is yet to come" in their research on Optimising Malware:

"In this paper, we address and defend the commonly shared point of view that the worst is very much yet to come. We introduce an aim-oriented performance theory for malware and malware attacks, within which we identify some of the performance criteria for measuring their “goodness” with respect to some of the typical objectives for which they are currently used. We also use the OODA-loop model, a well known paradigm of command and control borrowed from military doctrine, as a tool for organising (and reasoning about) the behavioural characteristics of malware and orchestrated attacks using it. We then identify and discuss particular areas of malware design and deployment strategy in which very little development has been seen in the past, and that are likely sources of increased future malware threats. Finally, we discuss how standard optimisation techniques could be applied to malware design, in order to allow even moderately equipped malicious actors to quickly converge towards optimal malware attack strategies and tools fine-tuned for the current Internet."

They've successfully distinguished the following generic and specific aim-oriented performance criteria:

Generic
- Number of hosts
- Persistence
- Anonymity

Fraud
- Money
- Credibility

Information theft
- Penetration
- Stealth
- Amount of information
- Host location

Access sale
- Upstream bandwidth
- Security

Destruction
- Propagation
- Upstream bandwidth
- Host location
- Damage

Information Warfare
- Speed
- Host location
- Damage
- Exposure

Taking into consideration the OODA loop concept -- Observation, Orientation, Decision, Action -- these characteristics would definitely improve over time.

Related resources and recent posts:
Malware
Virus Outbreak Response Time
Malware Bot Families - Technology and Trends
Malware Statistics on Social Networking Sites
