International Journal of Information Technology & Computer Science (IJITCS)
Existing antivirus products (AVs) rely on detecting virus signatures, which does not provide a full solution to the problems these viruses cause. The use of logic formulae to model the behaviour of viruses is one of the most encouraging recent developments in virus research and provides an alternative to classic virus detection methods. In this paper, an implementation of behaviour-based virus detection is presented. The paper explains how a formal language (Interval Temporal Logic) can be used to represent computer viruses by means of their behaviours. It also explains which tools should be used to extract the system calls that represent the steps of virus behaviour at both user and kernel level.
Keywords: Computer viruses; virus detection; signature-based; behaviour-based; Interval Temporal Logic
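As an added illustration of the behaviour-based approach the abstract describes (example code written for this page, not the paper's own implementation), the block below encodes a behaviour as an ITL-style formula, using chop as sequential composition, and evaluates it over constructed per-process system-call traces; the replication pattern, the call names and the trace contents are illustrative assumptions.

```python
"""ITL-style behaviour matching over a per-process system-call trace (constructed example)."""
from dataclasses import dataclass, field
from typing import Callable, Dict, List


@dataclass(frozen=True)
class SysCall:
    name: str
    args: Dict[str, str] = field(default_factory=dict)


Interval = List[SysCall]                 # a finite interval = a slice of the trace
Formula = Callable[[Interval], bool]     # a formula is judged on an interval


def true() -> Formula:
    return lambda iv: True


def atom(name: str, **want: str) -> Formula:
    """Holds on a one-event interval whose call has this name and these argument values."""
    return lambda iv: (len(iv) == 1 and iv[0].name == name
                       and all(iv[0].args.get(k) == v for k, v in want.items()))


def chop(a: Formula, b: Formula) -> Formula:
    """ITL chop (a ; b): the interval splits into a prefix satisfying a and a suffix
    satisfying b. Simplification: events are not shared across the split point."""
    return lambda iv: any(a(iv[:i]) and b(iv[i:]) for i in range(len(iv) + 1))


def sometime(a: Formula) -> Formula:
    """Some sub-interval satisfies a, i.e. true ; a ; true."""
    return chop(true(), chop(a, true()))


def seq(*steps: Formula) -> Formula:
    """Steps are observed in this order, each somewhere inside its own segment."""
    f = sometime(steps[-1])
    for s in reversed(steps[:-1]):
        f = chop(sometime(s), f)
    return f


# Illustrative behaviour (assumption, not taken from the paper): the process creates a
# file for writing, writes to it, and later executes it. Order matters: the same calls
# in a different order do not satisfy the formula.
REPLICATE = seq(atom("CreateFile", access="write"), atom("WriteFile"), atom("CreateProcess"))


def classify(trace: Interval) -> str:
    return "suspicious" if REPLICATE(trace) else "benign"


# Constructed traces: a text editor and a dropper-like process.
EDITOR = [SysCall("CreateFile", {"access": "read"}), SysCall("ReadFile"),
          SysCall("CreateFile", {"access": "write"}), SysCall("WriteFile"), SysCall("CloseHandle")]
DROPPER = [SysCall("RegQueryValue"), SysCall("CreateFile", {"access": "write"}),
           SysCall("WriteFile"), SysCall("CloseHandle"), SysCall("CreateProcess")]
```

Because chop tries every split point, nested formulas are exponential in the number of steps; for real traces a matcher would compile the formula to an automaton rather than evaluate it by search.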