Detecting method and architecture thereof for malicious codes

Authors: Ying-Yuan Huang, Chen-Hwa Song

Abstract: A detecting method and architecture thereof for malicious codes is provided, which is applicable to a computer system having at least a host. Each host executes a process. The method is implemented with a system call interposition module and an analysis module for malicious codes. The system call interposition module intercepts all system calls of the process and the related arguments of the calls. The analysis module analyzes the input data of pre-determined system calls, suspicious Once same behaviors between are found, a system-intrusion warning is immediately triggered. The method is not required to maintain huge signature databases, and can detect unknown attack-skills in a manner of high correct rate and low incorrect ruling.
