Abstract

This paper attempts to employ Evolutionary Algorithm (EA) techniques to evolve variants of a computer virus (Timid) that successfully evade popular antivirus scanners. Generating authentic variants of a specific malware results in a valid database of malware variants, which is sought by anti-malware scanners, so as to identify the variants before they are released by malware developers. This preliminary investigation applies EAs to mutate the Timid virus with a simple code evasion strategy, i.e., insertion and deletion (if available) of a specific assembly code instruction directly into the virus source code. Starting with a database of over 60 popular antivirus scanners, this EA-based approach for malware variant generation successfully evolves Timid variants that evade more than 97% of the antivirus scanners. The results from these preliminary investigations demonstrate the potential for EA-based malware generation and also open up avenues for further analysis.
