Title

Dynamic Instruction Sequences Monitor For Virus Detection

Abstract

In this paper, we describe a program monitor that captures the runtime instruction sequences of an arbitrary program. To protect the user's computer from potentially malicious behavior by that program, we provide a protection mechanism: we intercept certain Win32 APIs and divert them to safe versions of those APIs. We also provide a plug-in mechanism for building applications on top of the captured runtime instruction sequences. The first application of the monitor is a virus detection system. The virus detection plug-in uses a classification model to make an intelligent guess, based on information extracted from the instruction sequences, as to whether the tested program is benign or malicious. Our test results show that our dynamic instruction monitor can protect the user's computer from malicious behavior in the general case. Copyright © 2008 ACM.

Publication Date

12-1-2008

Publication Title

CSIIRW'08 - 4th Annual Cyber Security and Information Intelligence Research Workshop: Developing Strategies to Meet the Cyber Security and Information Intelligence Challenges Ahead

Number of Pages

-

Document Type

Article; Proceedings Paper

Personal Identifier

scopus

DOI Link

https://doi.org/10.1145/1413140.1413161

Scopus ID

62849089282 (Scopus)

Source API URL

https://api.elsevier.com/content/abstract/scopus_id/62849089282

This document is currently not available here.
