In Fred Cohen's paper "Computer Viruses - Theory and Experiments", he proves that for the general case, classifying malware is an undecidable problem. I was wondering whether there might be a similarly well-known proof that an undetectable malware can or cannot be written.
1 Answer
For every malware, there exists some detector that will detect it. (For instance, given a specific malware $M$, consider the detector that just checks whether its input is $M$ or not, and if it is, outputs "malicious".)
Conversely, Cohen's result shows that for every detector that classifies all benign samples correctly, there exists some malware that it won't detect.
So, there is an unavoidable arms race, if you want to try to detect malware statically.

D.W.
You wrote "if you want to try to detect malware statically" and I noticed that Cohen wrote something along those lines too. Does that mean that a general malware detector that uses dynamic detection has not been ruled out? – kansas_bulldog382 Nov 30 '19 at 20:03
@kansas_bulldog382, yes, that is what I mean. (At least, not by this result.) – D.W. Nov 30 '19 at 21:36
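
The two claims in the answer above, as an added toy model in Python (not code from the post or from Cohen's paper). It assumes programs are zero-argument functions returning an abstract behaviour label and that detectors inspect a program without running it; every name below is hypothetical.

```python
# Toy model, constructed for illustration: a "program" is a zero-argument
# function whose return value names its behaviour; a "detector" inspects a
# program WITHOUT running it and returns True for "malicious".
BENIGN, MALICIOUS = "halts quietly", "infects"  # abstract labels, no payload

def exact_match_detector(known):
    """First claim: a detector built for one specific sample catches it."""
    return lambda program: program is known

def contrary_program(detector):
    """Second claim: a program that does the opposite of the verdict on it."""
    def program():
        return BENIGN if detector(program) else MALICIOUS
    return program

def error_kind(detector):
    """Compare the detector's verdict on its contrary program with the truth."""
    p = contrary_program(detector)
    flagged, behaviour = detector(p), p()
    if flagged and behaviour == BENIGN:
        return "false positive"
    if not flagged and behaviour == MALICIOUS:
        return "missed malware"
    return "correct"  # unreachable for a deterministic detector that halts

# Three hypothetical static detectors.
def trust_everything(program):
    return False

def flag_everything(program):
    return True

def flag_if_mentions_malicious(program):
    # Looks at the names the compiled code references; never executes it.
    return "MALICIOUS" in program.__code__.co_names

if __name__ == "__main__":
    for d in (trust_everything, flag_everything, flag_if_mentions_malicious):
        print(f"{d.__name__}: {error_kind(d)}")
    sample = contrary_program(trust_everything)  # slips past trust_everything
    patched = exact_match_detector(sample)       # signature written for it
    print("signature catches sample:", patched(sample))
    print("signature vs its own contrary program:", error_kind(patched))
```

A detector that never flags a benign program must answer "benign" on its contrary program, which then behaves maliciously; the last two lines show the resulting arms race when a signature is added for that one sample.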