A behavior based approach to virus detection

Author: Jose Andre Morales

DOI: 10.25148/ETD.FI08081536

Keywords: False positives and false negatives; Replication (computing); Replicate; Virus detection; Artificial intelligence; A priori and a posteriori; Machine learning; Microsoft Windows; Kernel (image processing); Computer science

Abstract: Fast spreading unknown viruses have caused major damage on computer systems upon their initial release. Current detection methods have lacked the capability to detect such viruses quickly enough to avoid mass spreading and damage. This dissertation presents a behavior based approach to detecting known and unknown viruses based on their attempt to replicate. Replication is the qualifying fundamental characteristic of a virus and is consistently present in all viruses, making this approach applicable to viruses belonging to many classes and executing under several conditions. A form of replication called self-reference replication (SR-replication) has been formalized as one main type of replication, in which a virus specifically replicates by modifying or creating other files on a system to include itself. This replication type was used to detect viruses attempting replication by referencing themselves, which is a necessary step to successfully replicate files. The approach does not require a priori knowledge about viruses. Detection is accomplished at runtime by monitoring currently executing processes. Two implementation prototypes of the approach, called SRRAT, were created and tested on Microsoft Windows operating systems, focusing on the tracking of user mode Win32 API calls and Kernel mode system services. The research results showed SR-replication capable of distinguishing between file infecting viruses and benign processes with little or no false positives or false negatives.
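The SR-replication rule the abstract describes, as an added illustration written for this page (not the SRRAT prototypes' code): a process that reads its own image file and then writes or creates a different file is flagged; a process that only reads itself, or only writes other files, is not. The trace format, the API subset and the paths are constructed assumptions.

```python
"""Toy SR-replication detector run over a constructed Win32 API call trace.

Rule: a process that reads its own image file and later writes to or
creates a *different* file is attempting self-reference replication.
"""
from collections import defaultdict

# Constructed trace, one event per line: pid|image_path|api|target_path
TRACE = """\
1001|C:\\Users\\u\\dl\\invoice.exe|CreateFile|C:\\Users\\u\\dl\\invoice.exe
1001|C:\\Users\\u\\dl\\invoice.exe|ReadFile|C:\\Users\\u\\dl\\invoice.exe
1001|C:\\Users\\u\\dl\\invoice.exe|CreateFile|C:\\Windows\\Temp\\svc.exe
1001|C:\\Users\\u\\dl\\invoice.exe|WriteFile|C:\\Windows\\Temp\\svc.exe
2002|C:\\Program Files\\Editor\\editor.exe|CreateFile|C:\\Users\\u\\notes.txt
2002|C:\\Program Files\\Editor\\editor.exe|WriteFile|C:\\Users\\u\\notes.txt
3003|C:\\Program Files\\App\\app.exe|CreateFile|C:\\Program Files\\App\\app.exe
3003|C:\\Program Files\\App\\app.exe|ReadFile|C:\\Program Files\\App\\app.exe
"""

# Assumed subset of APIs that read a file's content or copy it elsewhere.
SELF_READ_APIS = {"ReadFile", "CreateFileMapping", "MapViewOfFile"}
WRITE_APIS = {"WriteFile", "CopyFile"}


def parse_trace(text):
    """Parse the constructed trace into (pid, image, api, target) tuples."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        pid, image, api, target = line.split("|", 3)
        events.append((int(pid), image.lower(), api, target.lower()))
    return events


def detect_sr_replication(events):
    """Return {pid: [files written after the process read its own image]}."""
    self_read = set()            # pids that have referenced their own image
    flagged = defaultdict(list)  # pid -> targets written after a self-read
    for pid, image, api, target in events:
        if api in SELF_READ_APIS and target == image:
            self_read.add(pid)
        elif api in WRITE_APIS and target != image and pid in self_read:
            flagged[pid].append(target)
    return dict(flagged)


if __name__ == "__main__":
    for pid, targets in detect_sr_replication(parse_trace(TRACE)).items():
        print(f"pid {pid}: possible SR-replication into {targets}")
```

Only pid 1001 is flagged: the editor (2002) writes without self-reference and the app (3003) reads itself without writing elsewhere, which is the distinction the approach relies on to keep false positives low.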
