Journal article
Identification of file infecting viruses through detection of self-reference replication
Journal of computer virology and hacking techniques, v 6(2), pp 161-180
01 May 2010
Abstract
This paper presents an approach to detecting known and unknown file infecting viruses based on their attempt to replicate. The approach does not require any prior knowledge about previously discovered viruses. Detection is accomplished at runtime by monitoring currently executing processes attempting to replicate. Replication is the fundamental characteristic of a virus and is consistently present in all viruses, making this approach applicable to viruses belonging to many classes and executing under several conditions. An implementation prototype of our detection approach called SRRAT is created and tested on the Microsoft Windows operating systems, focusing on the tracking of user mode Win32 API system calls and Kernel mode system services.
Details
- Title: Identification of file infecting viruses through detection of self-reference replication
- Creators: Jose Andre Morales - Florida International University; Peter J. Clarke - Florida International University; Yi Deng - Florida International University
- Publication Details: Journal of computer virology and hacking techniques, v 6(2), pp 161-180
- Publisher: Springer Nature
- Number of pages: 20
- Grant note: 0833093 / Direct For Education and Human Resources; National Science Foundation (NSF); NSF- Directorate for Education & Human Resources (EHR) HRD-0317692 / National Science Foundation; National Science Foundation (NSF)
- Resource Type: Journal article
- Language: English
- Academic Unit: College of Computing and Informatics
- Web of Science ID: WOS:000215222300006
- Scopus ID: 2-s2.0-77955085936
- Other Identifier: 991021868109704721
InCites Highlights
Data related to this publication, from InCites Benchmarking & Analytics tool:
- Web of Science research areas: Computer Science, Information Systems