
International Journal of Information Technology & Computer Science ( IJITCS )

Abstract :

Existing antivirus products (AVs) rely on detecting virus signatures, which does not provide a full solution to the problems associated with these viruses. The use of logic formulae to model the behaviour of viruses is one of the most encouraging recent developments in virus research and provides alternatives to classic virus detection methods. This paper provides an implementation of behaviour-based virus detection. It explains how the formal language can be used to represent computer viruses by means of their behaviours. It also explains which tools should be used to extract system calls that represent the steps of virus behaviour at both user and kernel levels.

Keywords :

Computer viruses; virus detection; signature-based; behaviour-based; Interval Temporal Logic


  Copyright © 2013 IJITCS.  All rights reserved. IISRC® is a registered trademark of IJITCS Properties.