viruses.- This figure is based on the number
of distinct new viruses that have been received by us during
the last year.
(memory- The Jerusalem
virus increases the size of an executable by 1813 bytes each
time it infects it, eventually causing it to be too large
to be loaded into memory [Highland1990].
(CPU- The Internet worm caused
the loads on some Unix machines to increase by two orders
of magnitude [Eichin1989, Spafford1989].
own.- At the very least, anti-virus software must
handle a majority of viruses well enough to prevent
them from spreading. For the foreseeable future, it will continue
to be important for human virus experts to analyze carefully any viruses
that appear in the wild to corroborate the results of the automated
analysis and to determine any side effects that the virus
may cause in infected systems.
sectors.- Comparison of this classifier's 85% detection rate
on test data
with the 82% rate of the hand-crafted one is more favorable than
the numbers suggest.
The rate for the neural net was measured over an independent test set,
where for the hand-crafted detector there was no training-testing division.
Measured over all examples (and especially if trained over all examples),
the network's detection rate exceeds 90%.
cells,- These proteins inactivate complement, a
class of proteins that
bind to cells, and attract
the attention of other components of the immune system, which kill
the cell [Janeway1993].
pathogens.- This extra sophistication pits the quick
adaptability of the immune system, which occurs
within a single individual over the course of a few days,
against the similarly quick evolutionary adaptability of pathogens
(due to their short life-cycles). Due to their much slower life-cycles,
it is doubtful that vertebrates could hold their own if their
immune systems had to rely on evolution alone.
consequence.- Another important class of false
positives are auto-immune reactions, which are sometimes
induced by biochemical changes that occur at puberty (thus changing
the nature of ``self'').
methods- A novel
method for integrity monitoring that
is based on a close analogy to T cells is described
in [Forrest et al.
1994].
resource.- Neurons are a notable exception, but
they are protected from most infections by the blood-brain
barrier [Seiden1995].
analyzed- Generic disinfection methods can
store a small amount of information about an
uninfected program, and use this information
to help reconstruct it if it subsequently becomes infected.
Back To Index