Detecting Unknown Computer Viruses - A New Approach
We give an overview of tools that detect computer viruses without relying on "pattern files" containing "signatures" of previously captured viruses. The system combines static code analysis with code simulation to identify malicious behaviors commonly found in computer viruses, such as mass mailing, file infection, and registry overwrite. These prohibited behaviors are defined separately as security policies, expressed at the level of API library function calls in a state-transition-like manner. The current tools target Win32 binary viruses on the Intel IA-32 architecture, and early experiments show that they detect most of the email viruses that spread in the wild in recent years.
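The abstract describes policies as state machines over API library calls. The following is an added illustration, written for this page and not code from the paper or its tools, of what such a policy checker can look like: each policy is a list of transitions on Win32 API call names, a transition may bind a returned handle so later steps can be correlated with it, and a policy is violated when its final state is reached. The API call traces, the three policy definitions, and the helper names (`ApiCall`, `Step`, `Policy`, `check_policy`, `evaluate`) are all constructed assumptions; the simulator that would produce such a trace from a binary is not shown.

```python
from dataclasses import dataclass
from typing import Callable, Optional

# Real Win32 access-mask constants, used in the constructed traces below.
GENERIC_READ = 0x80000000
GENERIC_WRITE = 0x40000000


@dataclass(frozen=True)
class ApiCall:
    """One API call as a code simulator would report it: name plus
    decoded arguments (and, where relevant, the return value under 'ret')."""
    name: str
    args: dict


@dataclass
class Step:
    """A state transition: fires once `api` has been called `count` times with
    `check(args, bindings)` true. `bindings` is shared across the policy's steps
    so a later step can refer to a handle returned by an earlier one."""
    api: str
    check: Callable[[dict, dict], bool] = lambda args, b: True
    count: int = 1


@dataclass
class Policy:
    name: str
    steps: list


def check_policy(policy: Policy, trace: list) -> Optional[int]:
    """Run the policy's state machine over an API call trace. Calls that do not
    match the current step are skipped, since unrelated calls interleave in real
    traces. Returns the index of the call that completed the prohibited
    sequence, or None if the final state was never reached."""
    state, hits, bindings = 0, 0, {}
    for idx, call in enumerate(trace):
        step = policy.steps[state]
        if call.name == step.api and step.check(call.args, bindings):
            hits += 1
            if hits >= step.count:
                state, hits = state + 1, 0
                if state == len(policy.steps):
                    return idx
    return None


def bind_ret(key: str, cond=lambda args: True) -> Callable[[dict, dict], bool]:
    """Build a check that matches when `cond(args)` holds and records the call's
    return value (a handle) under `key` for later steps."""
    def check(args, b):
        if cond(args):
            b[key] = args["ret"]
            return True
        return False
    return check


# Hypothetical policies for the three behaviours the abstract names.
REGISTRY_OVERWRITE = Policy("registry-overwrite", [
    Step("RegOpenKeyExA", bind_ret("hkey", lambda a: "currentversion\\run" in a["subkey"].lower())),
    Step("RegSetValueExA", lambda a, b: a["hkey"] == b.get("hkey")),
])

FILE_INFECTION = Policy("file-infection", [
    Step("FindFirstFileA", lambda a, b: a["pattern"].lower().endswith(".exe")),
    Step("CreateFileA", bind_ret("hfile", lambda a: a["path"].lower().endswith(".exe")
                                                  and bool(a["access"] & GENERIC_WRITE))),
    Step("WriteFile", lambda a, b: a["handle"] == b.get("hfile")),
])

MASS_MAILING = Policy("mass-mailing", [
    Step("connect", lambda a, b: a["port"] == 25),          # assumes the simulator decodes sockaddr
    Step("send", lambda a, b: a["data"].upper().startswith("RCPT TO:"), count=3),
])

POLICIES = [REGISTRY_OVERWRITE, FILE_INFECTION, MASS_MAILING]


def evaluate(trace: list) -> dict:
    """Map each policy name to the index of the violating call, or None."""
    return {p.name: check_policy(p, trace) for p in POLICIES}


# Constructed trace resembling a mass-mailing file infector (not a real sample).
WORM_TRACE = [
    ApiCall("RegOpenKeyExA", {"subkey": r"Software\Microsoft\Windows\CurrentVersion\Run", "ret": 0x80}),
    ApiCall("RegSetValueExA", {"hkey": 0x80, "value": "svchost32", "data": r"C:\worm.exe"}),
    ApiCall("FindFirstFileA", {"pattern": r"C:\Windows\*.exe", "ret": 0x90}),
    ApiCall("CreateFileA", {"path": r"C:\Windows\notepad.exe", "access": GENERIC_READ | GENERIC_WRITE, "ret": 0xA0}),
    ApiCall("WriteFile", {"handle": 0xA0, "nbytes": 4096}),
    ApiCall("connect", {"socket": 5, "host": "smtp.example.test", "port": 25}),
    ApiCall("send", {"socket": 5, "data": "MAIL FROM:<a@example.test>\r\n"}),
    ApiCall("send", {"socket": 5, "data": "RCPT TO:<b@example.test>\r\n"}),
    ApiCall("send", {"socket": 5, "data": "RCPT TO:<c@example.test>\r\n"}),
    ApiCall("send", {"socket": 5, "data": "RCPT TO:<d@example.test>\r\n"}),
]

# Constructed trace of a benign editor saving a file and storing its settings.
BENIGN_TRACE = [
    ApiCall("CreateFileA", {"path": r"C:\Users\me\notes.txt", "access": GENERIC_WRITE, "ret": 0x30}),
    ApiCall("WriteFile", {"handle": 0x30, "nbytes": 120}),
    ApiCall("RegOpenKeyExA", {"subkey": r"Software\Editor\Settings", "ret": 0x40}),
    ApiCall("RegSetValueExA", {"hkey": 0x40, "value": "LastFile", "data": r"C:\Users\me\notes.txt"}),
    ApiCall("connect", {"socket": 7, "host": "update.example.test", "port": 443}),
    ApiCall("send", {"socket": 7, "data": "GET /version HTTP/1.1\r\n"}),
]

if __name__ == "__main__":
    for label, trace in (("worm", WORM_TRACE), ("benign", BENIGN_TRACE)):
        print(label, evaluate(trace))
```

The handle binding is what keeps the file-infection policy from firing on any write to any file: only a `WriteFile` on the handle that `CreateFileA` returned for a `.exe` opened with write access advances the machine. The `count` on the mass-mailing step shows one way to express "repeatedly" without enumerating every recipient, and the benign trace shows that ordinary registry writes and network traffic leave every policy in its initial state.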