Viruses propagate easily, with economic consequences that are difficult to estimate. Appropriate means of prevention, detection and protection are needed to preserve the integrity and availability of computer systems. The effects of prophylaxis first have to be researched to provide data for choosing appropriate measures in line with the general security policy. Several models of virus propagation, borrowed from biology, have been developed in the continuous case; they indicate that segregation controls imposed by file value increase the population density of viruses. This confirms previous experimental results obtained by F. Cohen on personal computers and mainframes. Uniform virus prevention is highly recommended rather than segregation by file value, which is basically the principle of most centralized packages. Also, the security measures offered by most resource access security systems are not effective against virus infections, which can pass high security levels when they are introduced by trusted users. It is suggested to apply a flexible management prevention program adapted to changes in environment, people and viruses, in keeping with the normal use of information systems, which have to play their economic and strategic roles without losses.

Two perspectives are suggested. The first refers to SRI's real-time Intrusion-Detection Expert System (IDES), which is based on statistical tests for abnormality that consider deviations from expected behavior. It works for individual users as well as for groups of users or remote hosts. The second proposes the use of neural networks as another technical solution currently available. It should work for such anomaly detection based on segregation by behavior rather than by value.
ACM SIGSAC Review – Association for Computing Machinery
Published: Jun 1, 1991