Virus detection is an important problem in the area of computer security. Modern techniques attempting to solve this problem fall into the general paradigms of signature detection and integrity checking. In this paper we focus on the latter principle, which proposes to label an executable or source file with a tag computed using a cryptographic hash function; the tag later makes it possible to detect whether any changes have been made to the file. We propose extending this principle so that changes to the file are not only detected but also localized within the file; this is especially useful in virus diagnostics, which can then focus on the localized area of the file rather than on the entire file. This implicitly defines an apparently new problem, which we call "virus localization". We design techniques to solve the virus localization problem based on repeated efficient applications of cryptographic hashing to carefully chosen subsets of the set of file blocks, for each of the most important known virus infection techniques, such as rewriting techniques, appending and prepending techniques, and insertion techniques.
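A sketch of localization by hashing subsets of file blocks, for the rewriting case only; it is an added example, not the paper's construction. It assumes fixed 16-byte blocks, a single rewritten block, and subsets chosen by the bits of the block index; the names `make_tag` and `localize` are hypothetical.

```python
import hashlib

BLOCK = 16  # block size in bytes (assumed for this demo)

def make_tag(data: bytes):
    """Hash 2*ceil(log2(n)) subsets of the n blocks: for each bit position j
    of the block index, one hash over blocks with bit j = 0, one with bit j = 1."""
    blks = [data[i:i + BLOCK] for i in range(0, len(data), BLOCK)]
    nbits = max(1, (len(blks) - 1).bit_length())
    pairs = []
    for j in range(nbits):
        h = (hashlib.sha256(), hashlib.sha256())
        for i, blk in enumerate(blks):
            # Bind each block to its index so swapped blocks are also detected.
            h[(i >> j) & 1].update(i.to_bytes(4, "big") + blk)
        pairs.append((h[0].digest(), h[1].digest()))
    return len(data), pairs

def localize(data: bytes, tag):
    """Return None if intact, the index of the single rewritten block,
    or -1 if more than one block changed."""
    length, stored = tag
    if len(data) != length:
        raise ValueError("length changed: not a rewriting-type modification")
    _, current = make_tag(data)
    if current == stored:
        return None
    index = 0
    for j, (old, new) in enumerate(zip(stored, current)):
        changed0, changed1 = old[0] != new[0], old[1] != new[1]
        if changed0 and changed1:
            return -1          # two changed blocks differ in bit j
        if changed1:
            index |= 1 << j    # the changed block has bit j set
    return index

if __name__ == "__main__":
    original = bytes(range(256)) * 4      # constructed 1024-byte "file", 64 blocks
    tag = make_tag(original)              # 12 subset hashes instead of 64 block hashes
    infected = bytearray(original)
    infected[37 * BLOCK + 3] ^= 0xFF      # constructed rewrite inside block 37
    print(localize(original, tag), localize(bytes(infected), tag))
```

The tag grows logarithmically with the number of blocks, whereas one hash per block would grow linearly.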