Behavioral Malware Detection Expert System – Tarantula

Authors: Sandeep Romana, Swapnil Phadnis, Himanshu Pareek, P. R. L. Eswari

DOI: 10.1007/978-3-642-22540-6_7

Keywords: Expert system, Suspicious behaviour, Engineering, Overhead (computing), False positive paradox, Malware, Computer security, Layer (object-oriented design), Task (computing), Microsoft Windows

Abstract: The number of new malware samples and their complexity is increasing rapidly, because of which protecting a system with signature-based detection has become an increasingly challenging task. In this work we present a novel behaviour-based expert system named Tarantula that makes use of suspicious behaviour rules to detect malicious activity on a system. In our research, we observed that malware targets critical resources such as files and the registry of the operating system in order to execute, shield itself and propagate to other hosts. We identified Microsoft Windows evolved at granular level. These behavioural rules are enforced using a monitoring and enforcement layer. Through extensive experimentation and testing, we conclude that the tool has a high detection rate with very low overhead and very few false positives. Implementation details of the prototype (Tarantula) developed for Windows XP and Vista systems are also provided.
