Title :
Behavior-Based Proactive Detection of Unknown Malicious Codes
Author :
Ding, Jianguo ; Jin, Jian ; Bouvry, Pascal ; Hu, Yongtao ; Guan, Haibing
Abstract :
With the rising popularity of the Internet, the resulting increase in the number of available vulnerable machines, and the elevated sophistication of the malicious code itself, the detection and prevention of unknown malicious codes face great challenges. Traditional anti-virus scanners employ static features to detect malicious executable codes and have difficulty detecting unknown malicious codes effectively. We propose a behavior-based dynamic heuristic analysis approach for proactive detection of unknown malicious codes. The behavior of malicious codes is identified by system calling through virtual emulation and the changes in system resources. A statistical detection model and a mixture of expert (MoE) model are designed to analyze the behavior of malicious codes. The experimental results demonstrate that the behavior-based proactive detection is efficient in detecting unknown malicious executable codes.
Keywords :
invasive software; statistical analysis; Internet; antivirus scanner; behavior-based dynamic heuristic analysis; behavior-based proactive detection; mixture-of-expert model; statistical detection model; unknown malicious executable codes; virtual emulation; Communications technology; Computer vision; Data security; Databases; Information science; Information security; Internet; Monitoring; Protection; Software engineering;
Conference_Title :
Internet Monitoring and Protection, 2009. ICIMP '09. Fourth International Conference on
Conference_Location :
Venice/Mestre
Print_ISBN :
978-1-4244-3839-6
Electronic_ISBN :
978-0-7695-3612-5
DOI :
10.1109/ICIMP.2009.20