On the implications of computer viruses and methods of defense
Computers and Security
Models of practical defenses against computer viruses
Computers and Security
Communications of the ACM
Windows NT/2000 Native API Reference
Windows NT/2000 Native API Reference
The Giant Black Book of Computer Viruses
The Giant Black Book of Computer Viruses
Considering Both Intra-Pattern and Inter-Pattern Anomalies for Intrusion Detection
ICDM '02 Proceedings of the 2002 IEEE International Conference on Data Mining
A Sense of Self for Unix Processes
SP '96 Proceedings of the 1996 IEEE Symposium on Security and Privacy
A Fast Automaton-Based Method for Detecting Anomalous Program Behaviors
SP '01 Proceedings of the 2001 IEEE Symposium on Security and Privacy
The Art of Computer Virus Research and Defense
The Art of Computer Virus Research and Defense
Microsoft Windows Internals, Fourth Edition: Microsoft Windows Server(TM) 2003, Windows XP, and Windows 2000 (Pro-Developer)
A study in using neural networks for anomaly and misuse detection
SSYM'99 Proceedings of the 8th conference on USENIX Security Symposium - Volume 8
Intrusion detection using sequences of system calls
Journal of Computer Security
| Hi-index | 0.00 |
This paper describes a novel approach for preventative protection from both known and previously unknown malicious software. It does not rely on screening the code for signatures of known viruses, but instead it detects attempts by the executable code in question to self-replicate during run time. Self-replication is the common feature of most malicious codes, allowing them to maximize their impact. This approach is an extension of the earlier developed method for detecting previously unknown viruses in script based computer codes. The paper presents a software tool implementing this technique for behavior-based run-time detection and suspension of self-replicating functionality in executable codes for Microsoft Windows operating systems.