Prevention of information attacks by run-time detection of self-replication in computer codes

J. Comput. Secur. Pub Date : 2007-04-01 DOI:10.3233/JCS-2007-15203
V. Skormin, A. Volynkin, D. Summerville, J. Moronski
{"title":"Prevention of information attacks by run-time detection of self-replication in computer codes","authors":"V. Skormin, A. Volynkin, D. Summerville, J. Moronski","doi":"10.3233/JCS-2007-15203","DOIUrl":null,"url":null,"abstract":"This paper describes a novel approach for preventative protection from both known and previously unknown malicious software. It does not rely on screening the code for signatures of known viruses, but instead it detects attempts by the executable code in question to self-replicate during run time. Self-replication is the common feature of most malicious codes, allowing them to maximize their impact. This approach is an extension of the earlier developed method for detecting previously unknown viruses in script based computer codes. The paper presents a software tool implementing this technique for behavior-based run-time detection and suspension of self-replicating functionality in executable codes for Microsoft Windows operating systems.","PeriodicalId":142580,"journal":{"name":"J. Comput. Secur.","volume":"15 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2007-04-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"24","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"J. Comput. Secur.","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.3233/JCS-2007-15203","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
引用次数: 24

Abstract

This paper describes a novel approach for preventative protection from both known and previously unknown malicious software. It does not rely on screening the code for signatures of known viruses, but instead it detects attempts by the executable code in question to self-replicate during run time. Self-replication is the common feature of most malicious codes, allowing them to maximize their impact. This approach is an extension of the earlier developed method for detecting previously unknown viruses in script based computer codes. The paper presents a software tool implementing this technique for behavior-based run-time detection and suspension of self-replicating functionality in executable codes for Microsoft Windows operating systems.
查看原文
分享 分享
微信好友 朋友圈 QQ好友 复制链接
本刊更多论文
通过运行时检测计算机代码的自我复制来防止信息攻击
本文描述了一种针对已知和未知恶意软件的预防性保护的新方法。它不依赖于筛选代码以查找已知病毒的签名,而是检测所讨论的可执行代码在运行时进行自我复制的尝试。自我复制是大多数恶意代码的共同特征,使它们能够最大限度地发挥其影响。这种方法是早期开发的方法的扩展,用于检测基于脚本的计算机代码中以前未知的病毒。本文提出了一个软件工具来实现这种技术,用于基于行为的运行时检测和暂停微软Windows操作系统可执行代码中的自复制功能。
本文章由计算机程序翻译,如有差异,请以英文原文为准。
求助全文
约1分钟内获得全文 去求助
来源期刊
J. Comput. Secur.
J. Comput. Secur.
自引率
0.00%
发文量
0
期刊最新文献
Data privacy in the Internet of Things based on anonymization: A review A mutation-based approach for the formal and automated analysis of security ceremonies StegEdge: Privacy protection of unknown sensitive attributes in edge intelligence via deception IsaNet: A framework for verifying secure data plane protocols A review on cloud security issues and solutions
×
引用
GB/T 7714-2015
复制
MLA
复制
APA
复制
导出至
BibTeX EndNote RefMan NoteFirst NoteExpress
×
×
提示
您的信息不完整,为了账户安全,请先补充。
现在去补充
×
提示
您因"违规操作"
具体请查看互助需知
我知道了
×
提示
现在去查看 取消
×
提示
确定
0
微信
客服QQ
Book学术公众号 扫码关注我们
反馈
×
意见反馈
请填写您的意见或建议
请填写您的手机或邮箱
已复制链接
已复制链接
快去分享给好友吧!
我知道了
×
扫码分享
扫码分享
Book学术官方微信
Book学术文献互助
Book学术文献互助群
群 号:481959085
Book学术
文献互助 智能选刊 最新文献 互助须知 联系我们:info@booksci.cn
Book学术提供免费学术资源搜索服务,方便国内外学者检索中英文文献。致力于提供最便捷和优质的服务体验。
Copyright © 2023 Book学术 All rights reserved.
ghs 京公网安备 11010802042870号 京ICP备2023020795号-1