Abstract: Nowadays, viruses use polymorphic techniques to mutate their code on each replication, thus evading detection by antiviruses. However, detection by emulation can defeat simple polymorphism; thus metamorphic techniques are used, which thoroughly change the viral code, even after decryption. We briefly detail this evolution of virus protection techniques against detection and then study the METAPHOR virus, today's most advanced metamorphic virus.
Abstract: This study focuses on examining why the range of experience with respect to HIV infection is so diverse, especially in regard to the latency period. An agent-based approach in modelling the infection is used to extract high-level behaviour which cannot be obtained analytically from the set of interaction rules at the cellular level. A prototype model encompasses local variation in baseline properties, contributing to the individual disease experience, and is included in a network which mimics the chain of lymph nodes. The model also accounts for stochastic events such as viral mutations. The size and complexity of the model require major computational effort and parallelisation methods are used.
Abstract: This paper presents a formalisation of the different existing code mutation techniques (polymorphism and metamorphism) by means of formal grammars. While very few theoretical results are known about the detection complexity of viral mutation techniques, we exhaustively address this critical issue by considering the Chomsky classification of formal grammars. This enables us to determine which families of code mutation techniques are likely to be detected or, on the contrary, are bound to remain undetected. As an illustration, we then present, on a formal basis, a proof-of-concept metamorphic mutation engine denoted PB MOT, whose detection has been proven to be undecidable.