Unknown malware detection based on system calls by dynamic interception
Publish Year: 1399
Document type: Conference paper
Language: English
This paper is 10 pages long and is available for download in PDF format.
National scientific document ID:
COMCONF07_247
Indexing date: 22 Mordad 1399
Abstract:
In order to detect malware, it is necessary to first track the behavior of the program accurately. Software behavior tracking is based on system calls. Therefore, it is necessary to track all system calls made by malware. Basically, software behavior tracking is performed in two ways: tracking at the kernel level and tracking at the user level. After extracting the behavioral patterns of the malware, a database containing this information is provided and, depending on how the unknown software works, its destructive or healthy extent is measured. For this purpose, it is necessary to run the unknown software and extract its behavioral pattern. To prevent operating system damage, the software runs in a secure environment such as a virtual machine. The results of the simulation show the efficiency of the proposed system.
Keywords:
Authors
Hamid Tanha
Master of Information Technology Engineering
Mahdi Agha Mohammady
Department of Software Engineering, Yadegare Imam Islamic Azad University, Tehran, Iran
Hossein Navazesh
Master of Software Engineering