MAPMon:一个基于主机的恶意软件检测工具

13th Pacific Rim International Symposium on Dependable Computing (PRDC 2007) Pub Date : 2007-12-17 DOI:10.1109/PRDC.2007.23

Shih-Yao Dai, S. Kuo

{"title":"MAPMon:一个基于主机的恶意软件检测工具","authors":"Shih-Yao Dai, S. Kuo","doi":"10.1109/PRDC.2007.23","DOIUrl":null,"url":null,"abstract":"In order for financial-motivated malware programs such as spyware, virus and worm to survive after system rebooted, they have to modify entries in auto start extensibility points (ASEPs), system calls or system files on a comprised system. We call these system resources which a malware program could attack once it intrudes a host as malware attacking points (MAPs). Based on this observation, we design and implement MAPMon, a monitoring mechanism to detect any suspicious change of malware attacking points. This paper describes the design and implementation tradeoff of the MAPMon tool. The effectiveness of the MAPMon tool for malware detection is evaluated by using real-world malware programs including those that do not have signatures.","PeriodicalId":183540,"journal":{"name":"13th Pacific Rim International Symposium on Dependable Computing (PRDC 2007)","volume":"29 6 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2007-12-17","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"31","resultStr":"{\"title\":\"MAPMon: A Host-Based Malware Detection Tool\",\"authors\":\"Shih-Yao Dai, S. Kuo\",\"doi\":\"10.1109/PRDC.2007.23\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"In order for financial-motivated malware programs such as spyware, virus and worm to survive after system rebooted, they have to modify entries in auto start extensibility points (ASEPs), system calls or system files on a comprised system. We call these system resources which a malware program could attack once it intrudes a host as malware attacking points (MAPs). Based on this observation, we design and implement MAPMon, a monitoring mechanism to detect any suspicious change of malware attacking points. This paper describes the design and implementation tradeoff of the MAPMon tool. The effectiveness of the MAPMon tool for malware detection is evaluated by using real-world malware programs including those that do not have signatures.\",\"PeriodicalId\":183540,\"journal\":{\"name\":\"13th Pacific Rim International Symposium on Dependable Computing (PRDC 2007)\",\"volume\":\"29 6 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2007-12-17\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"31\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"13th Pacific Rim International Symposium on Dependable Computing (PRDC 2007)\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1109/PRDC.2007.23\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"13th Pacific Rim International Symposium on Dependable Computing (PRDC 2007)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/PRDC.2007.23","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 31

摘要

为了让诸如间谍软件、病毒和蠕虫之类的恶意软件程序在系统重新启动后存活，它们必须修改自动启动扩展点(asep)、系统调用或系统文件中的条目。我们把这些恶意程序入侵主机后可能攻击的系统资源称为恶意软件攻击点(map)。在此基础上，设计并实现了一种监测机制MAPMon，用于检测恶意软件攻击点的任何可疑变化。本文描述了MAPMon工具的设计和实现折衷。MAPMon工具用于恶意软件检测的有效性是通过使用真实的恶意软件程序来评估的，包括那些没有签名的恶意软件。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

查看原文

微信好友朋友圈 QQ好友复制链接

本刊更多论文

MAPMon: A Host-Based Malware Detection Tool

In order for financial-motivated malware programs such as spyware, virus and worm to survive after system rebooted, they have to modify entries in auto start extensibility points (ASEPs), system calls or system files on a comprised system. We call these system resources which a malware program could attack once it intrudes a host as malware attacking points (MAPs). Based on this observation, we design and implement MAPMon, a monitoring mechanism to detect any suspicious change of malware attacking points. This paper describes the design and implementation tradeoff of the MAPMon tool. The effectiveness of the MAPMon tool for malware detection is evaluated by using real-world malware programs including those that do not have signatures.

求助全文

通过发布文献求助，成功后即可免费获取论文全文。去求助

来源期刊

13th Pacific Rim International Symposium on Dependable Computing (PRDC 2007)

自引率

0.00%

发文量

期刊最新文献

Assessment of Message Missing Failures in FlexRay-Based Networks Implementation of Highly Available OSPF Router on ATCA Testing and Comparing Web Vulnerability Scanning Tools for SQL Injection and XSS Attacks A Measurement Tool of End-User Computing Capability in Competency Perspective Regression Testing Based on UML Design Models