The ecology of malware

Jedidiah R. Crandall, Roya Ensafi, Stephanie Forrest, Joshua Ladau, Bilal Shebaro

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

5 Citations (Scopus)

Abstract

The fight against malicious software (or malware, which includes everything from worms to viruses to botnets) is often viewed as an "arms race." Conventional wisdom is that we must continually "raise the bar" for the malware creators. However, the multitude of malware has itself evolved into a complex environment, and properties not unlike those of ecological systems have begun to emerge. This may include competition between malware, facilitation, parasitism, predation, and density-dependent population regulation. Ecological principles will likely be useful for understanding the effects of these ecological interactions, for example, carrying capacity, species-time and species-area relationships, the unified neutral theory of biodiversity, and the theory of island bio-geography. The emerging malware ecology can be viewed as a critical challenge to all aspects of malware defense, including collection, triage, analysis, intelligence estimates, detection, mitigation, and forensics. It can also be viewed as an opportunity. In this position paper, we argue that taking an ecological approach to malware defense will suggest new defenses. In particular, we can exploit the fact that interactions of malware with its environment, and with other malware, are neither fully predictable nor fully controllable by the malware author - yet the emergent behavior will follow general ecological principles that can be exploited for malware defense.

Original language: English (US)
Title of host publication: Proceedings - New Security Paradigms Workshop 2008, NSPW '08
Pages: 99-106
Number of pages: 8
DOIs: https://doi.org/10.1145/1595676.1595692
State: Published - Dec 1 2009
Externally published: Yes
Event: New Security Paradigms Workshop 2008, NSPW '08 - Lake Tahoe, CA, United States
Duration: Sep 22 2008 → Sep 25 2008

Other

Other: New Security Paradigms Workshop 2008, NSPW '08
Country: United States
City: Lake Tahoe, CA
Period: 9/22/08 → 9/25/08

Fingerprint

Ecology
Malware
Computer worms
Computer viruses
Biodiversity

Keywords

  • Botnets
  • Malware analysis
  • Malware ecology
  • Viruses
  • Worms

ASJC Scopus subject areas

  • Safety, Risk, Reliability and Quality
  • Hardware and Architecture
  • Software
  • Information Systems

Cite this

Crandall, J. R., Ensafi, R., Forrest, S., Ladau, J., & Shebaro, B. (2009). The ecology of malware. In Proceedings - New Security Paradigms Workshop 2008, NSPW '08 (pp. 99-106). https://doi.org/10.1145/1595676.1595692

@inproceedings{9c2dabc22b884055a5cc86f5b039f0ac,
title = "The ecology of malware",
keywords = "Botnets, Malware analysis, Malware ecology, Viruses, Worms",
author = "Crandall, {Jedidiah R.} and Roya Ensafi and Stephanie Forrest and Joshua Ladau and Bilal Shebaro",
year = "2009",
month = "12",
day = "1",
doi = "10.1145/1595676.1595692",
language = "English (US)",
isbn = "9781605583419",
pages = "99--106",
booktitle = "Proceedings - New Security Paradigms Workshop 2008, NSPW '08",

}
