Summary
Regarding the current situation that the recognition rate of malware is decreasing, the article points out that the reason for this dilemma is that more and more targeting malware have emerged, which share little or no common feature with traditional malware. The premise of malware recognition judging whether a software is malicious or benign is actually a decision problem. We propose that malware discrimination should resort to the corresponding task or purpose. We first present a formal definition of a task and then provide further classifications of malicious tasks. Based on the decidable theory, we prove that task performed by any software is recursive and determinable. By establishing a mapping from software to task, we prove that software is many‐to‐one reducible to corresponding tasks. Thus, we demonstrate that software, including malware, is also recursive and can be determined by the corresponding tasks. Finally, we present the discrimination process of our method. Nine real malwares are presented, which were firstly discriminated by our method but at that time could not be identified by Kaspersky, McAfee, Symantec Norton, or Kingsoft Antivirus.