Increasing chances of survival for malware using theory of natural selection and the selfish gene
Abstract
Malware, short for malicious software, is used as a general term for computer viruses, Trojan horses, worms, and other harmful software or code. Malware authors try to obfuscate their code in order to evade antiviral programs. Different analysis techniques are used by antiviral programs in order to detect different encryption and obfuscation methods. Survivability of malware becomes the main concern for an attacker, since the malware should usually be able to spread to other computers, use resources of the victim's computer, and create new copies of itself.

In this thesis, inspired by Darwin's theory of natural selection and the selfish gene concept explained by Richard Dawkins, we propose novel methods which increase the chance of survivability for malware. We implement selfishness, altruistic behavior, mimicry, group selection, and similar behavior models in our experimental malware, and we also test our techniques against existing solutions. We develop tools in order to enhance existing malware with the features presented in this thesis. The effectiveness of the proposed techniques is presented, and an experimental test is carried out with a dataset containing more than 300,000 malware samples. Group behavior models are also introduced, and methods are proposed for enhancing botnets to have better stability (evolutionarily stable botnet).