Owner based malware discrimination

A piece of malware code can be harmful in one's system but totally harmless in another's. In this paper, we point out that the detection of malicious code or software is actually a matter of discrimination which depends on the owners of the computer systems. We propose an owner based malicious software discrimination model, named as Unlimited Register Machine of Owners (URMO). First, we characterize and analyze the limitations of existing discrimination techniques in theory by using the discrimination model of Unlimited Register Machine (URM) and then move on to construct the URMO discrimination model by giving the two important elements of malicious behavior: an operation and the object of the operation. The relationship between an operation and the object of the operation is fundamental to solving the relativity of the discrimination problem about malice, which is also the advantage of the URMO model. Finally, by applying the model to discriminate real-world malware and comparing it with existing popular antivirus software, we demonstrate the effectiveness and superior performance of the URMO model.