Abstract

Computer viruses are becoming more and more difficult to identify. Modern computer viruses use various mutation techniques, such as polymorphism and metamorphism, to evade detection. Previous research on mutated computer virus detection has the following limitations: 1) most methods cannot handle advanced mutation techniques; 2) methods based on source code analysis are less practical; 3) some methods are unable to detect computer viruses immediately. In this paper, we present a new dynamic approach to detecting and analyzing computer viruses based on Virtual Machine technology. We show 1) how to generate Purpose Capturing Signatures based on information about runtime values (execution value sequence, EVS) and control flows (execution control sequence, ECS); and 2) how to detect and analyze computer viruses using the purpose-capturing signatures. To the best of our knowledge, it is the first method to perform computer virus detection and analysis using the EVS and ECS. Our experimental evaluation demonstrates that this approach is able to use one signature to detect all mutations of the corresponding virus efficiently.
