Prevention of information attacks by run-time detection of self-replication in computer codes

Authors:
Douglas Summerville;Victor Skormin;Alexander Volynkin;James Moronski
Affiliations:
Binghamton University, Binghamton, NY;Binghamton University, Binghamton, NY;Binghamton University, Binghamton, NY;Binghamton University, Binghamton, NY
Venue:
MMM-ACNS'05 Proceedings of the Third international conference on Mathematical Methods, Models, and Architectures for Computer Network Security
Year:
2005

Citing 13
Cited 1

Compilers: principles, techniques, and tools

Compilers: principles, techniques, and tools
Parsing techniques: a practical guide

Parsing techniques: a practical guide
An introduction to signal detection and estimation (2nd ed.)

An introduction to signal detection and estimation (2nd ed.)
Windows NT/2000 Native API Reference

Windows NT/2000 Native API Reference
The Giant Black Book of Computer Viruses

The Giant Black Book of Computer Viruses
BASIS: A Biological Approach to System Information Security

MMM-ACNS '01 Proceedings of the International Workshop on Information Assurance in Computer Networks: Methods, Models, and Architectures for Network Security
Immunocomputing: Principles and Applications

Immunocomputing: Principles and Applications
Recent worms: a survey and trends

Proceedings of the 2003 ACM workshop on Rapid malcode
A taxonomy of computer worms

Proceedings of the 2003 ACM workshop on Rapid malcode
Access for sale: a new class of worm

Proceedings of the 2003 ACM workshop on Rapid malcode
Worm anatomy and model

Proceedings of the 2003 ACM workshop on Rapid malcode
Microsoft Windows Internals, Fourth Edition: Microsoft Windows Server(TM) 2003, Windows XP, and Windows 2000 (Pro-Developer)

Microsoft Windows Internals, Fourth Edition: Microsoft Windows Server(TM) 2003, Windows XP, and Windows 2000 (Pro-Developer)
Biological approach to system information security (BASIS): a multi-agent approach to information security

CEEMAS'03 Proceedings of the 3rd Central and Eastern European conference on Multi-agent systems

An FSM-Based Approach for Malicious Code Detection Using the Self-Relocation Gene

ICIC '08 Proceedings of the 4th international conference on Intelligent Computing: Advanced Intelligent Computing Theories and Applications - with Aspects of Theoretical and Methodological Issues

Quantified Score

Hi-index	0.00

Visualization

Abstract

This paper describes a novel approach for preventative protection from both known and previously unknown malicious executable codes. It does not rely on screening the code for signatures of known viruses, but instead it detects attempts of the executable code in question to self-replicate during run time. Self-replication is the common feather of most malicious codes, allowing them to maximize their impact. This approach is an extension of the earlier developed method for detecting previously unknown viruses in script based computer codes. The paper presents a software tool implementing this technique for behavior-based run-time detection and suspension of self-replicating functionality in executable codes for Microsoft Windows operating systems.