Unknown malware detection based on system calls by dynamic interception

Publish Year: 1399
Document type: Conference paper
Language: English
View: 377

This paper is 10 pages long and is available for download in PDF format.


National scientific document ID:

COMCONF07_247

Indexing date: 22 Mordad 1399

Abstract:

In order to detect malware, it is first necessary to track the behavior of the program accurately. Software behavior tracking is based on system calls; therefore, all system calls made by the malware must be tracked. Software behavior tracking methods are basically performed in two ways: tracking at the kernel level and tracking at the user level. After the behavioral patterns of the malware are extracted, a database containing this information is built and, depending on how the unknown software behaves, the extent to which it is destructive or healthy is measured. For this purpose, the unknown software must be run and its behavioral pattern extracted. To prevent damage to the operating system, the software is run in a secure environment such as a virtual machine. The simulation results show the efficiency of the proposed system.
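As an added example (not code from the paper or this record), the user-level pipeline the abstract describes in miniature: parse an strace-style trace of the unknown program, turn it into a system-call n-gram pattern, and score it against a small database of known patterns. The trace, the pattern database, the labels and the decision threshold are all constructed sample data.

```python
"""Behavioural scoring of a program from its system-call trace (added example)."""
from __future__ import annotations
from collections import Counter
import re

# Constructed strace-style trace of the "unknown" program: "name(args) = retval".
SAMPLE_TRACE = """\
openat(AT_FDCWD, "/etc/passwd", O_RDONLY) = 3
fstat(3, {st_mode=S_IFREG|0644, st_size=2048, ...}) = 0
read(3, "root:x:0:0:root:/root:/bin/bash", 4096) = 2048
close(3) = 0
socket(AF_INET, SOCK_STREAM, IPPROTO_TCP) = 4
connect(4, {sa_family=AF_INET, sin_port=htons(8080), ...}, 16) = 0
write(4, "root:x:0:0:root:/root:/bin/bash", 2048) = 2048
close(4) = 0
"""

SYSCALL_RE = re.compile(r"^([a-z_0-9]+)\(")

def parse_trace(trace: str) -> list[str]:
    """Return the ordered system-call names from an strace-style trace."""
    return [m.group(1) for line in trace.splitlines()
            if (m := SYSCALL_RE.match(line.strip()))]

def ngrams(seq: list[str], n: int = 3) -> Counter:
    """Behavioural pattern: counts of consecutive n-tuples of system calls."""
    return Counter(tuple(seq[i:i + n]) for i in range(len(seq) - n + 1))

def similarity(a: Counter, b: Counter) -> float:
    """Jaccard similarity of the two patterns' n-gram sets, in 0.0 .. 1.0."""
    sa, sb = set(a), set(b)
    return len(sa & sb) / len(sa | sb) if (sa | sb) else 0.0

# Constructed pattern database: label -> (call sequence of a known sample, is_malicious).
KNOWN_PATTERNS: dict[str, tuple[list[str], bool]] = {
    "credential_exfil": (["openat", "read", "close", "socket", "connect", "write", "close"], True),
    "text_editor": (["openat", "read", "write", "close"], False),
}

def score(trace: str, db=KNOWN_PATTERNS, n: int = 3) -> dict[str, float]:
    """Similarity of the traced program's pattern to every database entry."""
    profile = ngrams(parse_trace(trace), n)
    return {label: similarity(profile, ngrams(seq, n)) for label, (seq, _) in db.items()}

def classify(trace: str, db=KNOWN_PATTERNS, threshold: float = 0.5) -> tuple[str, str, float]:
    """Verdict, closest known pattern and its score; 'healthy' unless the closest
    pattern is malicious and the similarity reaches the (constructed) threshold."""
    label, best = max(score(trace, db).items(), key=lambda kv: kv[1])
    malicious = db[label][1] and best >= threshold
    return ("malicious" if malicious else "healthy", label, best)
```

The extra `fstat` in the sample trace shows why n-gram similarity rather than exact matching is used: the unknown program still shares most of its 3-grams with the known exfiltration pattern (4 of 7 in the union), so it scores 4/7 and is flagged, while sharing none with the editor pattern.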

Authors

Hamid Tanha

Master of Information Technology Engineering

Mahdi Agha Mohammady

Department of Software Engineering, Yadegare Imam Islamic Azad University, Tehran, Iran

Hossein Navazesh

Master of Software Engineering