Dynamic instruction sequences monitor for virus detection
暂无分享,去创建一个
In this paper, we describe a program monitor which is able to capture runtime instruction sequences of an arbitrary program. To protect user computer from potentially malicious behavior of that program, we provide a protection mechanism. We intercept certain Win32 API and divert it to a safe version of that API. We also provide a plug-in mechanism to build application based on the captured runtime instruction sequences. The first application of the monitor is a virus detection system. The virus detection plug-in utilizes a classification model to make an intelligent guess based on the information extracted from instruction sequences to decide whether the tested program is benign or malicious. Our test result shows that our dynamic instruction monitor can protect user computer from malicious behavior in general case.
[1] Galen C. Hunt,et al. Detours: binary interception of Win32 functions , 1999 .
[2] J. Ross Quinlan,et al. C4.5: Programs for Machine Learning , 1992 .
[3] Jianyong Dai,et al. Efficient Virus Detection Using Dynamic Instruction Sequences , 2009, J. Comput..