A. Volynkin, V. Skormin, D. Summerville, J. Moronski
{"title":"二进制可执行恶意软件自复制运行时检测的评估","authors":"A. Volynkin, V. Skormin, D. Summerville, J. Moronski","doi":"10.1109/IAW.2006.1652094","DOIUrl":null,"url":null,"abstract":"This paper presents an overview and evaluation of a novel approach for proactive protection against both known and previously unknown self-replicating malicious software. Instead of deciphering and screening suspect code for signatures of known viruses the approach monitors the runtime behavior of binary compiled executable code by monitoring its system calls. The detection mechanism, which works from the perspective of the operating system, is based on identifying the unique self-replication behavior of executable malware via its system call sequences. Thus, the proposed approach provides a system that can detect self-replication attempts in malware without relying on the availability of a signature in a virus signature database and despite any level of encryption employed. An implementation of the proposed approach for Microsoft Windows operating system is described along with experimental results and a performance analysis","PeriodicalId":326306,"journal":{"name":"2006 IEEE Information Assurance Workshop","volume":"34 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2006-06-21","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"7","resultStr":"{\"title\":\"Evaluation of Run-Time Detection of Self-Replication in Binary Executable Malware\",\"authors\":\"A. Volynkin, V. Skormin, D. Summerville, J. Moronski\",\"doi\":\"10.1109/IAW.2006.1652094\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"This paper presents an overview and evaluation of a novel approach for proactive protection against both known and previously unknown self-replicating malicious software. Instead of deciphering and screening suspect code for signatures of known viruses the approach monitors the runtime behavior of binary compiled executable code by monitoring its system calls. The detection mechanism, which works from the perspective of the operating system, is based on identifying the unique self-replication behavior of executable malware via its system call sequences. Thus, the proposed approach provides a system that can detect self-replication attempts in malware without relying on the availability of a signature in a virus signature database and despite any level of encryption employed. An implementation of the proposed approach for Microsoft Windows operating system is described along with experimental results and a performance analysis\",\"PeriodicalId\":326306,\"journal\":{\"name\":\"2006 IEEE Information Assurance Workshop\",\"volume\":\"34 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2006-06-21\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"7\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"2006 IEEE Information Assurance Workshop\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1109/IAW.2006.1652094\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"2006 IEEE Information Assurance Workshop","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/IAW.2006.1652094","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
Evaluation of Run-Time Detection of Self-Replication in Binary Executable Malware
This paper presents an overview and evaluation of a novel approach for proactive protection against both known and previously unknown self-replicating malicious software. Instead of deciphering and screening suspect code for signatures of known viruses the approach monitors the runtime behavior of binary compiled executable code by monitoring its system calls. The detection mechanism, which works from the perspective of the operating system, is based on identifying the unique self-replication behavior of executable malware via its system call sequences. Thus, the proposed approach provides a system that can detect self-replication attempts in malware without relying on the availability of a signature in a virus signature database and despite any level of encryption employed. An implementation of the proposed approach for Microsoft Windows operating system is described along with experimental results and a performance analysis
京公网安备 11010802042870号
京ICP备2023020795号-1
分享
求助内容:
应助结果提醒方式:
扫码关注我们
