tags:

views:

57

answers:

2
+1  Q: 

Virus Signatures and Genetic Algorithms

I would like to know how one achieves the following signature. I have read online that (al least in the past) researchers will take the "suspected" file the binary code, convert it to assembly, examine it, pick sections of code that appear to be unusual, and identifying the corresponding bytes in the machine code.

But then how is the bellow virus string signature achieved?

MIRC.Julie=6463632073656e6420246e69636b20433a5c57696e646f77735c4a756c696531362c4a50472e636f6d0a0d6e31333d207d0a0d6e31343d200a0d6e31353d206374637020313a70696e673a2f6463632073656e6420246e69636b20433a5c57696e646f77735c4a756c696531362c4a50

Also, (although this might sound completely crazy) that string above must mean something, i can only guess a sequence of actions, actual code, etc. So if it was once "translated" in this form (virus signature) from assembly, is it possible to convert it back?

Just in case you might wonder why am asking what even I think is a weird question. This is why... I am preparing my BSc final year computer science project, and at this point I am wondering whether it would be possible to maybe generate/estimate/evaluate/predict virus signatures by using GA's (Genetic Algorithms). Maybe that will help make my question a bit easier to understand, I hope.

Thanks!

+1  A: 

The virus signature shown is probably dependent on the scanner that generated it. I find it extremely easy to believe that all virus scanners create their signatures in different ways. Without a source, there's no way to explain how it was developed, and even with a source I doubt this is something that AV companies will reveal, since it allows virus developers the opportunity to avoid detection.

"Generate/estimate/evaluate/predict" are four different problems and not all of them are best done with a GA. You need to select your problem before selecting an algorithm.

Zooba  2010-10-10 22:32:51
Thanks buddy. About "Generate/estimate/evaluate/predict" is just I havent decided which thats why I putted a forward slashes, meaning "or", but still fair comment.
Carlucho  2010-10-10 22:36:43
I point it out because people pushing their algorithms often claim that they are suitable for any problem (or a broad range of problem), which may be true, but for best performance you really do need to select (and tune) the algorithm based on your specific problem.
Zooba  2010-10-10 22:44:00

related questions

How should I Test a Genetic Algorithm
"Undefined symbols" linker error with simple template class
Using Traveling Salesman Solver to Decide Hamiltonian Path
Sparse parameter selection using Genetic Algorithm
Neural Net Optimize w/ Genetic Algorithm
Novel fitness measure for evolutionary image matching simulation
method for specialized pathfinding?
MVC for desktop app with no data layer.
Coefficient of inbreeding / wrights algorithm / genetics
Genetic algorithms in C#?
How to represent a path for a genetic algorithm?
Roulette-wheel selection in Genetic algorithm. Population needs to be sorted first?
How many units should there be in each generation of a genetic algorithm?
Intelligent code-completion? Is there AI to write code by learning?
What's the "Hello World!" of genetic algorithms good for?
What Genetic Algorithm/Programming library do you use?
Genetic algorithm resource
cool project to use a genetic algorithm for?
Traveling Salesman - Nearest Neighbor vs Genetic DEATHMATCH
Have you ever used a genetic algorithm in real-world applications?
Roulette wheel selection algorithm
Looking for evolutionary music example code
Roulette Selection in Genetic Algorithms
Evolutionary Algorithms: Optimal Repopulation Breakdowns
Genetic Programming in C#