The number of new malware samples, and their complexity, is increasing rapidly, which makes protecting a system with signature-based detection an increasingly challenging task. In this work we present a novel behaviour-based malware detection expert system named Tarantula, which uses suspicious-behaviour rules to detect malicious activity on the system. In our research we observed that malware targets critical system resources, such as system files and the operating system registry, in order to execute, shield itself, and propagate to other hosts. We identified these critical system resources (system files and the registry) in Microsoft Windows and evolved suspicious-behaviour rules at a granular level. These behavioural rules are enforced by a monitoring and enforcement layer. Through extensive experimentation and testing, we conclude that the tool has a high detection rate with very low overhead and few false positives. Implementation details of the prototype (Tarantula) developed for the Microsoft Windows XP and Vista operating systems are also provided.
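To make the idea of granular suspicious-behaviour rules over system files and the registry concrete, here is an added illustration that is not the paper's code and does not reproduce Tarantula's actual rule set. It assumes a hypothetical event format (process id, process name, action, target path), three illustrative rules keyed on well-known Windows locations (the System32 directory and the CurrentVersion\Run keys), a per-process severity score with an assumed threshold, and a small allowlist for legitimate installers; all events and rule weights are constructed for the example.

```python
"""Toy behaviour-rule engine over constructed Windows resource-access events.

Added example, not the paper's implementation. Rules, severities, the
allowlist and the sample events are all assumptions chosen for illustration.
"""
from dataclasses import dataclass, field
import re


@dataclass(frozen=True)
class Event:
    """One observed resource access, as a monitoring layer might report it."""
    pid: int
    process: str
    action: str   # one of: file_write, file_delete, reg_set
    target: str   # file path or registry key touched


@dataclass(frozen=True)
class Rule:
    """A suspicious-behaviour rule: action + target pattern + severity weight."""
    name: str
    action: str
    target_pattern: re.Pattern
    severity: int


# Hypothetical rules for illustration; Tarantula's real rules are not on the page.
RULES = [
    Rule("write-to-system32", "file_write",
         re.compile(r"^c:\\windows\\system32\\", re.I), 3),
    Rule("delete-system-file", "file_delete",
         re.compile(r"^c:\\windows\\", re.I), 3),
    Rule("run-key-persistence", "reg_set",
         re.compile(r"\\currentversion\\run(once)?\\", re.I), 4),
]

# Assumed allowlist of processes expected to modify protected locations.
ALLOWLIST = {"trustedinstaller.exe", "msiexec.exe"}

# Assumed threshold at which a process is reported as malicious.
THRESHOLD = 5


def match_rules(event: Event) -> list:
    """Return every rule whose action and target pattern match this event."""
    return [r for r in RULES
            if r.action == event.action and r.target_pattern.search(event.target)]


def evaluate(events, threshold: int = THRESHOLD) -> dict:
    """Aggregate rule severities per process and return those over threshold.

    Result maps pid -> {"process", "score", "rules"}; allowlisted processes
    are skipped so routine servicing does not raise false positives.
    """
    scores = {}
    for ev in events:
        if ev.process.lower() in ALLOWLIST:
            continue
        for rule in match_rules(ev):
            entry = scores.setdefault(
                ev.pid, {"process": ev.process, "score": 0, "rules": []})
            entry["score"] += rule.severity
            entry["rules"].append(rule.name)
    return {pid: e for pid, e in scores.items() if e["score"] >= threshold}


def flagged_pids(events, threshold: int = THRESHOLD) -> list:
    """Sorted list of process ids the engine would report."""
    return sorted(evaluate(events, threshold))


# Constructed sample events: one benign editor, one unknown binary that both
# drops a file into System32 and registers a Run key, and one allowlisted
# installer touching System32.
SAMPLE_EVENTS = [
    Event(100, "notepad.exe", "file_write", r"C:\Users\alice\notes.txt"),
    Event(200, "sample_unknown.exe", "file_write",
          r"C:\Windows\System32\helper.dll"),
    Event(200, "sample_unknown.exe", "reg_set",
          r"HKLM\Software\Microsoft\Windows\CurrentVersion\Run\helper"),
    Event(300, "trustedinstaller.exe", "file_write",
          r"C:\Windows\System32\kernel32.dll"),
]


if __name__ == "__main__":
    for pid, entry in evaluate(SAMPLE_EVENTS).items():
        print(f"pid {pid} ({entry['process']}): score {entry['score']}, "
              f"rules {entry['rules']}")
```

Two design points worth noting: scoring per process rather than per event lets a single rule (say, one write under System32) stay below threshold while the combination of a system-file write and a Run-key change crosses it, which is the granularity the abstract describes; and the allowlist check sits in the aggregation step, not in the rules, so the rules themselves stay simple and the exceptions are visible in one place when reviewing false positives.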
- Behavioral Malware Detection Expert System – Tarantula
P. R. L. Eswari
- Springer Berlin Heidelberg