Dynamic instruction sequences monitor for virus detection

  • Authors:
  • Jianyong Dai; Ratan Guha; Joohan Lee

  • Affiliations:
  • University of Central Florida, Orlando, Florida; University of Central Florida, Orlando, Florida; University of Central Florida, Orlando, Florida

  • Venue:
  • Proceedings of the 4th annual workshop on Cyber security and information intelligence research: developing strategies to meet the cyber security and information intelligence challenges ahead
  • Year:
  • 2008

Abstract

In this paper, we describe a program monitor which is able to capture the runtime instruction sequences of an arbitrary program. To protect the user's computer from potentially malicious behavior of that program, we provide a protection mechanism: we intercept certain Win32 API calls and divert them to safe versions of those APIs. We also provide a plug-in mechanism for building applications based on the captured runtime instruction sequences. The first application of the monitor is a virus detection system. The virus detection plug-in uses a classification model to make an intelligent guess, based on information extracted from the instruction sequences, as to whether the tested program is benign or malicious. Our test results show that our dynamic instruction monitor can protect the user's computer from malicious behavior in the general case.