Access Restriction Subscribed

Author Fukushima, Y. ♦ Sakai, A. ♦ Hori, Y. ♦ Sakurai, K.
Source IEEE Xplore Digital Library
Content type Text
Publisher Institute of Electrical and Electronics Engineers, Inc. (IEEE)
File Format PDF
Copyright Year ©2010
Language English
Subject Domain (in DDC) Computer science, information & general works ♦ Data processing & computer science
Subject Keyword Computer viruses ♦ Prototypes ♦ Intrusion detection ♦ Software ♦ Malware ♦ Registers ♦ Proposals ♦ Trojan horses ♦ Grippers
Abstract The amount of malware is increasing rapidly, and a lot of malware uses stealth techniques such as encryption to evade pattern-matching detection by anti-virus software. To resolve the problem, behavior-based detection methods, which focus on malicious behaviors of malware, have been researched. Although they can detect unknown and encrypted malware, they suffer from a serious problem of false positives against benign programs. For example, creating files and executing them are common behaviors performed by malware; however, they are also likely to be performed by benign programs, and thus cause false positives. In this paper, we propose a malware detection method based on evaluation of suspicious process behaviors on Windows OS. To avoid false positives, our proposal focuses not only on malware-specific behaviors but also on normal behavior that malware would usually not do. Moreover, we implement a prototype of our proposal to effectively analyze behaviors of programs. Our evaluation experiments using our malware and benign program datasets show that our malware detection rate is about 60% and that it does not cause any false positives. Furthermore, we compare our proposal with completely behavior-based anti-virus software. Our results show that our proposal puts few burdens on users and reduces false positives.
Description Author affiliation: Graduate School of Information Science and Electrical Engineering, Kyushu University, 744 Motoka, Nishi-ku, Fukuoka 819-0395, Japan (Fukushima, Y.; Sakai, A.; Hori, Y.; Sakurai, K.)
ISBN 9781424489169
Educational Role Student ♦ Teacher
Age Range above 22 years
Educational Use Research ♦ Reading
Education Level UG and PG
Learning Resource Type Article
Publisher Date 2010-10-05
Publisher Place Japan
Rights Holder Institute of Electrical and Electronics Engineers, Inc. (IEEE)
e-ISBN 9781424489152
Size (in Bytes) 1.12 MB
Page Count 6
Starting Page 79
Ending Page 84

