MAPMon: A Host-Based Malware Detection Tool

	This Article
	Subscribers, please Login Purchase article: $19 PDF IEEE Xplore Subscribers RSS feed
	Share
	Email this Article to a friend
	Bibliographic References
	ASCII Text BibTex RefWorks Procite/RefMan
	Add to:
	Digg Furl Spurl Blink Simpy Google Del.icio.us Y!MyWeb
	Search
	Similar Articles Articles by Shih-Yao Dai Articles by Sy-Yen Kuo

13th Pacific Rim International Symposium on Dependable Computing (PRDC 2007)

Melbourne, Victoria, Australia

December 17-December 19

ISBN: 0-7695-3054-0

	ASCII Text	x
	Shih-Yao Dai, Sy-Yen Kuo, "MAPMon: A Host-Based Malware Detection Tool," Pacific Rim International Symposium on Dependable Computing, IEEE, pp. 349-356, 13th Pacific Rim International Symposium on Dependable Computing (PRDC 2007), 2007.

	BibTex	x
	@article{ 10.1109/PRDC.2007.23, author = {Shih-Yao Dai and Sy-Yen Kuo}, title = {MAPMon: A Host-Based Malware Detection Tool}, journal ={Pacific Rim International Symposium on Dependable Computing, IEEE}, volume = {0}, year = {2007}, isbn = {0-7695-3054-0}, pages = {349-356}, doi = {http://doi.ieeecomputersociety.org/10.1109/PRDC.2007.23}, publisher = {IEEE Computer Society}, address = {Los Alamitos, CA, USA}, }

	RefWorks Procite/RefMan/Endnote	x
	TY - CONF JO - Pacific Rim International Symposium on Dependable Computing, IEEE TI - MAPMon: A Host-Based Malware Detection Tool SN - 0-7695-3054-0 SP349 EP356 A1 - Shih-Yao Dai, A1 - Sy-Yen Kuo, PY - 2007 VL - 0 JA - Pacific Rim International Symposium on Dependable Computing, IEEE ER -

Shih-Yao Dai

Sy-Yen Kuo

DOI Bookmark: http://doi.ieeecomputersociety.org/10.1109/PRDC.2007.23

In order for financial-motivated malware programs such as spyware, virus and worm to survive after system rebooted, they have to modify entries in auto start extensibility points (ASEPs), system calls or system files on a comprised system. We call these system resources which a malware program could attack once it intrudes a host as Malware Attacking Points ( MAPs). Based on this observation, we design and implement MAPMon, a monitoring mechanism to detect any suspicious change of Malware Attacking Points. This paper describes the design and implementation tradeoff of the MAPMon tool. The effectiveness of the MAPMon tool for malware detection is evaluated by using real-world malware programs including those that do not have signatures. Keywords: Auto-Start Extensibility Point, Malicious Software, Malware Attacking Points, Backdoor, Honeypot.

Citation:

Shih-Yao Dai, Sy-Yen Kuo, "MAPMon: A Host-Based Malware Detection Tool," prdc, pp.349-356, 13th Pacific Rim International Symposium on Dependable Computing (PRDC 2007), 2007

Peer Review Notice | Give Us Feedback

Usage of this product signifies your acceptance of the Terms of Use.