|
* Enable human users to understand, appropriately trust, and effectively manage the emerging generation of artificially intelligent partners.<ref>{{cite web|title=Explainable Artificial Intelligence (XAI)|url=https://www.darpa.mil/program/explainable-artificial-intelligence|website=DARPA|publisher=DARPA|accessdate=17 July 2017}}</ref>
Fileless malware is sometimes considered synonymous with ''in-memory'' malware as both perform their core functionalities without writing data to disk during the lifetime of their operation. This has led some commentators to claim that this variant strain is nothing new and simply a “redefinition of the well-known term, memory resident virus”,<ref>{{cite web|title=Advanced volatile threat: New name for old malware technique?|url=http://www.csoonline.com/article/2132995/malware-cybercrime/advanced-volatile-threat--new-name-for-old-malware-technique-.html|website=CSO|publisher=CSO|accessdate=20 February 2017}}</ref> whose pedigree can be traced back to the 1980’s with the birth of the [[Timeline of computer viruses and worms|Lehigh Virus]] that was developed by the terms founder [[Fred Cohen]] and became influential with his paper on the topic.<ref>{{cite web|title=Computer Viruses - Theory and Experiments|url=http://web.eecs.umich.edu/~aprakash/eecs588/handouts/cohen-viruses.html|website=University of Michigan|accessdate=20 February 2017}}</ref>
Since DARPA's introduction of it's program in 2016 a number of initiatives are purportedly beginning to address the issue of algorithmic accountability and provide transparency conerning how technolgies within this ___domain function.
* 25.04.2017: Nvidia publishes it's paper on: "Explaining How a Deep Neural Network Trained with End-to-End Learning Steers a Car" <ref>{{cite web|title=Explaining How a Deep Neural Network Trained with End-to-End Learning Steers a Car|url=https://arxiv.org/pdf/1704.07911.pdf|website=Arxiv|publisher=Arxiv|accessdate=17 July 2017}}</ref>
This synonymy is however incorrect. Although the aforementioned behavioral execution environment is the same, in both cases i.e. both malware variants are executed in system memory, the crucial differentiation is the method of inception and prolongation. Most malware’s infection vector involves some writing to the hard disk,<ref>{{cite journal|last1=Sharma|first1=S|title=Terminate and Stay Resident Viruses|journal=International Journal of Research in Information Technology|date=2013|volume= 1|issue=11|pages=201–210|url=https://708e8bd3-a-bb6ad6f3-s-sites.googlegroups.com/a/ijrit.com/papers/home/V1I1128.pdf?attachauth=ANoY7crKroKmPhihj-0sa91h8An6QPC5Ju91yjHF9wQ9LWacnf5NnhhBA5vuAXpYCyJTekOO-EQXnjBw2BrQCehnMxYKPy92KXncLGcdNPtR5Lvu-S7UMyjtginkCI_qHEq4I1dYSIlpqW2ywa6Ls0MH6MC6TZ3OpNAoIkZT7a5mw4iviPDM5i3DIcPIAm9Egw0Q3qhJQAE4RbAakA5FekpmrezEk43nPQ%3D%3D&attredirects=0}}</ref> in order for it to be executed, whose origin could take the form of an infected file attachment, external media device e.g. USB, peripheral, mobile phone etc., browser drive-by, [[Side-channel attack|side-channel]] etc.
Each of the aforementioned methods has to have contact with the host system’s hard drive, in some form or another, meaning that even when employing the stealthiest anti-forensic methods, some form of the infected residue will be left on the host media.
Fileless malware on the other hand, from the point of inception until process termination (usually by way of a system reboot), aims never to have its contents written to disk. Its purpose is to reside in volatile system areas such as the [[Windows Registry|system registry]], [[In-memory processing|in-memory processes]] and [[List of Microsoft Windows components#Services|service areas]].<ref>{{cite web|title=A Disembodied Threat|url=https://business.kaspersky.com/bodiless-threat/6128/|website=Kaspersky Lab Business|publisher=Kaspersky Lab|accessdate=20 February 2017}}</ref>
Fileless malware is an evolutionary strain of malicious software that has taken on a steady model of self-improvement/enhancement with a drive towards clearly defined focused attack scenarios, whose roots can be traced back to the [[Terminate and stay resident program|Terminate Stay Resident]]/Memory resident viral programs,<ref>{{cite web|title=The Art of Computer Virus Research and Defense: Memory-Resident Viruses|url=http://computervirus.uw.hu/ch05lev1sec2.html|accessdate=20 February 2017}}</ref> how, once they were launched, would reside in memory awaiting a system interrupt before gaining access to their control flow; examples of which were seen in viruses such as [http://virus.wikia.com/wiki/Frodo Frodo], [[Dark Avenger|The Dark Avenger]], [https://www.fireeye.com/blog/threat-research/2013/02/the-number-of-the-beast.html Number of the Beast].
| 