DocumentCode
2234855
Title
Evaluation of Run-Time Detection of Self-Replication in Binary Executable Malware
Author
Volynkin, A. ; Skormin, V.A. ; Summerville, D.H. ; Moronski, J.
fYear
2006
fDate
21-23 June 2006
Firstpage
184
Lastpage
191
Abstract
This paper presents an overview and evaluation of a novel approach for proactive protection against both known and previously unknown self-replicating malicious software. Instead of deciphering and screening suspect code for signatures of known viruses, the approach monitors the runtime behavior of binary compiled executable code by observing its system calls. The detection mechanism, which works from the perspective of the operating system, is based on identifying the unique self-replication behavior of executable malware via its system call sequences. Thus, the proposed approach provides a system that can detect self-replication attempts in malware without relying on the availability of a signature in a virus signature database and despite any level of encryption employed. An implementation of the proposed approach for the Microsoft Windows operating system is described along with experimental results and a performance analysis.
Keywords
replicated databases; security of data; Microsoft Windows operating system; binary compiled executable code; binary executable malware; detection mechanism; proactive protection; self-replicating malicious software; self-replication run-time detection; virus signature database; Computer viruses; Computer worms; Cryptography; Engines; Monitoring; Operating systems; Packaging; Protection; Runtime; Viruses (medical)
fLanguage
English
Publisher
ieee
Conference_Title
Information Assurance Workshop, 2006 IEEE
Conference_Location
West Point, NY
Print_ISBN
1-4244-0130-5
Type
conf
DOI
10.1109/IAW.2006.1652094
Filename
1652094