Unknown malware detection based on system calls by dynamic interception

Publication year: 1399
Document type: conference paper
Language: English
Views: 486

The full text of this paper is available as a 10-page PDF file.


National scientific document ID:

COMCONF07_247

Indexing date: 22 Mordad 1399

Abstract:

In order to detect malware, it is necessary to first track the behavior of the program accurately. Software behavior tracking is based on system calls; therefore, all system calls made by the malware must be tracked. Software behavior tracking methods are basically performed in two ways: tracking at the kernel level and tracking at the user level. After the behavioral patterns of the malware are extracted, a database containing this information is built, and, depending on how an unknown program behaves, the extent to which it is malicious or benign is measured. For this purpose, the unknown software must be run and its behavioral pattern extracted. To prevent damage to the operating system, the software is run in a secure environment such as a virtual machine. The simulation results show the efficiency of the proposed system.

Authors

Hamid Tanha

Master of Information Technology Engineering

Mahdi Agha Mohammady

Department of Software Engineering, Yadegare Imam Islamic Azad University, Tehran, Iran

Hossein Navazesh

Master of Software Engineering