• DocumentCode
    2234855
  • Title
    Evaluation of Run-Time Detection of Self-Replication in Binary Executable Malware
  • Author
    Volynkin, A. ; Skormin, V.A. ; Summerville, D.H. ; Moronski, J.
  • fYear
    2006
  • fDate
    21-23 June 2006
  • Firstpage
    184
  • Lastpage
    191
  • Abstract
    This paper presents an overview and evaluation of a novel approach for proactive protection against both known and previously unknown self-replicating malicious software. Instead of deciphering and screening suspect code for signatures of known viruses, the approach monitors the runtime behavior of binary compiled executable code by monitoring its system calls. The detection mechanism, which works from the perspective of the operating system, is based on identifying the unique self-replication behavior of executable malware via its system call sequences. Thus, the proposed approach provides a system that can detect self-replication attempts in malware without relying on the availability of a signature in a virus signature database and despite any level of encryption employed. An implementation of the proposed approach for the Microsoft Windows operating system is described along with experimental results and a performance analysis.
  • Keywords
    replicated databases; security of data; Microsoft Windows operating system; binary compiled executable code; binary executable Malware; detection mechanism; proactive protection; self-replicating malicious software; self-replication run-time detection; virus signature database; Computer viruses; Computer worms; Cryptography; Engines; Monitoring; Operating systems; Packaging; Protection; Runtime; Viruses (medical);
  • fLanguage
    English
  • Publisher
    ieee
  • Conference_Titel
    Information Assurance Workshop, 2006 IEEE
  • Conference_Location
    West Point, NY
  • Print_ISBN
    1-4244-0130-5
  • Type
    conf
  • DOI
    10.1109/IAW.2006.1652094
  • Filename
    1652094