Title :
Detection of Unknown Malicious Codes Based on Group File Characteristics
Author :
Seo, InSeog ; Kim, InJung ; Yoon, JangHong ; Ryou, Jaecheol
Author_Institution :
Manage. Plannning Div., Nat. Security Res. Inst., Daejeon, South Korea
Abstract :
Malicious codes cause system failures by altering system files on computers or secretly placing Trojan horses within a system, which after a certain period of time steal/destroy key information on a computer or create mass packets. Such malicious codes approach computers by avoiding information protection systems (intrusion blocking/detection systems) that execute defences based on known information. Even if a vaccine program is in operation, the detection and elimination of malicious codes disguised as a patch (update file) and those not recognized by the vaccine program are impossible. Based on the fact that security programs, such as security patches, are applied to a network consisting of multiple computers and those computers on such a network have almost identical file characteristics and structures, this research presents ways to detect and prevent network data theft, computer damage and other network vulnerabilities in advance by isolating executable files infected by malicious codes based on identified group file characteristics.
Keywords :
computer network security; file organisation; invasive software; Trojan horses; group file characteristic; information protection system; intrusion blocking system; intrusion detection system; malicious code detection; network vulnerabilities; security patches; vaccine program; Computer crime; Computers; Intrusion detection; Servers; Software; Vaccines;
Conference_Titel :
Ubiquitous Information Technologies and Applications (CUTE), 2010 Proceedings of the 5th International Conference on
Conference_Location :
Sanya
Print_ISBN :
978-1-4244-8813-1
DOI :
10.1109/ICUT.2010.5677901
