If we pretend we're not discussing how to create a virus using genetic algorithms...
First off, let's define our new population as the Cartesian product of two sets, x and y, where x,y are both half of a member of the previous population.
So for population member 2: "ABCDEF", x2 = "ABC" and y2 = "DEF". Set x is the set of elements x
i which are first halves of the previous population strings, and set y is the set of elements y
j which are the second halves of the previous population strings.
Set z, the new population, is the Cartesian product of x*y = {(x1, y1), (x1, y2), ... , (x2, y1), (x2, y2), ... , (x
i, y
j)}.
Oh how I am wishing for a LaTeX BBCode right now.
---
Regarding the time frame, I suppose the limiting factor is the time taken by the big security companies to develop a fix for the virus or work out how to identify it. If we take that out of the equation for now, I'd say a good time frame would be ~ a week. Let's suppose that a secure user has a number of different virus- and malware scanners, some of which run in the background all the time, and some of which are scheduled to run at least once during a week. If we have 1,000 of these users, then we can safely assume that, despite overlaps, our malicious little creation will be in the radar of a whole variety of scanners. Some will be pick up the virus, and others won't. At the end of the week, we hopefully have a number left, which we then have contact the mothership (to avoid detection by the firewall, we'd need to piggy back on some already allowed process). The mothership evolves the population, updates all the viruses out there and sends out more to the uninfected machines.
So, with the worst case scenario of a well-protected user, we're laughing. But what about an unprotected user? Seeing as the virus will avoid detection completely, and have an enjoyable week hanging around with it's new group of undetected buddies on the same machine, we could end up diluting the population with genes that haven't been tested.
We could send out multiple copies of each population element, and evolve only the members of the population that return more than 95% of their messages. But even then, we may have the bad luck that all of one population element infect unprotected machines.
Alternatively, the message to the mothership could also contain a list of anti-virus and anti-malware programs installed on the machine, and only those that survived a certain number of scans gets evolved.
We could even put the two together - the mothership evolves the population members with the highest percentage of copies that survived more than
n scanners.
---
If two entities meet and create a new population between them and upload to the mothership, how would you determine the fitness of the parents, and subsequently the child?
So, say the mothership looks at the this new child and evaluates the parents. If the same parameters as above were used (both parents must have survived to create a child) then we'd get the same results by a different method.
If the parameters are relaxed, and a child is fit if at least one parent is fit, we may dilute the population.
---
As with all heuristic algorithms, so much depends on the fitness function - a bad fitness function could leave you with a less than optimal population even after a million iterations, but a very strict fitness function might leave you with nothing after only a few hundred iterations.
---
When we're doing genetic algorithms for something like TSP, there's no such time frame, obviously. As soon as a new population is formed, it's put through the fitness function and the most fit are saved for mutation.
