April 13, 2008 to April 18, 2008
DOI Bookmark: http://doi.ieeecomputersociety.org/10.1109/ICONS.2008.37
Newly released computer viruses are spreading faster than ever before and current signature based detection do not protect against these unknown viruses.??This paper presents a characterization of virus replication. Two detection models are developed, one using operation sequence matching and the other using frequency measures. The research shows virus replication can be characterized and used to detect known and unknown viruses with minimal false negatives. In our testing using operation sequence matching, over 250 viruses were detected with 43 subsequences. Detection of 130 viruses, 45% of all tested viruses, occured with the replication sequence of just one virus. Our testing using frequency measures detected all test viruses with no false negatives.
virus detection, behavior based self reference, replication security
Jose Andre Morales, Peter J. Clarke, Yi Deng, "Characterizing and Detecting Virus Replication", ICONS, 2008, 2008 3rd International Conference on Systems (ICONS '08), 2008 3rd International Conference on Systems (ICONS '08) 2008, pp. 214-219, doi:10.1109/ICONS.2008.37