PrEP: A Framework for Malware & Cyber Weapons

The Journal of Information Warfare, Vol.13, No.1, February 2014

20 Pages Posted: 26 Oct 2013 Last revised: 5 Apr 2015

See all articles by Trey Herr

Trey Herr

Hoover Institution at Stanford University

Date Written: December 20, 2013


The contemporary debate over cyber security rests on a set of linguistic artifacts that date from the Cold War. Attempting to glean a starting point for debate over use of terms like “cyber attack” or “cyber war” is difficult, largely because there is little agreement on what constitutes a weapon in cyberspace, be it “weaponized code” or black hats with root access. For information security professionals, this has led to a proliferation of different taxonomies tied to proprietary anti-virus systems. To social science researchers and the policy community, the result has been unclear definitions and vague terminology, which hinder academic progress and the development of effective policy. This paper proposes a new framework to classify malware and cyber weapons based on the different pieces of malicious code that constitute them, then evaluates competing definitions of cyber weapons, and concludes with implications for this approach. As developed in this paper, Cyber Weapons are any combination of three software components: a Propagation Method, one or several Exploits, and a Payload designed to create destructive physical or logical effects. Defining malware requires a difficult balance between technical specificity and conceptual breadth. The PrEP framework attempts to combine these, while building out a set of concepts useful to both research and policy communities.

Keywords: Cyber weapon, intrusion, cyberdefense, exploit, payload, malware

Suggested Citation

Herr, Trey, PrEP: A Framework for Malware & Cyber Weapons (December 20, 2013). The Journal of Information Warfare, Vol.13, No.1, February 2014, Available at SSRN: or

Trey Herr (Contact Author)

Hoover Institution at Stanford University ( email )

Stanford, CA 94305-6010
United States

HOME PAGE: http://

Do you have a job opening that you would like to promote on SSRN?

Paper statistics

Abstract Views
PlumX Metrics