Abstract
This paper describes a novel approach to preventative protection against both known and previously unknown malicious executable code. It does not rely on screening the code for signatures of known viruses; instead, it detects attempts by the executable code in question to self-replicate at run time. Self-replication is the common feature of most malicious code, allowing it to maximize its impact. This approach extends an earlier method, developed by the authors, for detecting previously unknown viruses in script-based computer code. The paper presents a software tool implementing this technique for behavior-based run-time detection and suspension of self-replicating functionality in executable code for Microsoft Windows operating systems.
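To make the behavior-based idea concrete, the following is an added toy example, written for this page and not the paper's own tool: a monitor that consumes a constructed per-process file-event trace and raises a verdict when a process writes a byte-for-byte copy of its own executable image (or embeds that image inside a larger file) under a different path. The trace format, the in-memory "disk" of image bytes, and the process-to-image mapping are all assumptions made up for the example; the real system described in the paper observes Windows executables at run time rather than a recorded trace.

```python
from dataclasses import dataclass

# Constructed in-memory "disk": image path -> image bytes (stand-ins for PE files).
FILES = {
    r"C:\Users\demo\worm.exe": b"MZ\x90\x00" + bytes(range(64)) + b"REPLICATOR",
    r"C:\Users\demo\notepad.exe": b"MZ\x90\x00" + bytes(range(64, 128)) + b"EDITOR",
}


@dataclass(frozen=True)
class Verdict:
    pid: int
    target: str
    reason: str


class SelfReplicationMonitor:
    """Accumulates per-process writes and, when the written file is closed,
    checks whether its content reproduces the writer's own executable image.
    Exact copies and files that embed the whole image (a dropper that prepends
    or appends data) are flagged; a process rewriting its own image path is not."""

    def __init__(self, image_of):
        self.image_of = image_of   # pid -> path of that process's own image (assumed known)
        self.pending = {}          # (pid, path) -> bytearray of data written so far
        self.verdicts = []

    def feed(self, ev):
        pid, op, path = ev["pid"], ev["op"], ev["path"]
        key = (pid, path)
        if op == "write":
            self.pending.setdefault(key, bytearray()).extend(ev["data"])
        elif op == "close":
            written = self.pending.pop(key, None)
            if written is None:
                return                      # close without prior writes: nothing to judge
            own_image = self.image_of[pid]
            if path == own_image:
                return                      # in-place self-update is not replication
            image_bytes = FILES[own_image]
            data = bytes(written)
            if data == image_bytes:
                reason = "exact copy of own image"
            elif image_bytes in data:
                reason = "own image embedded in written file"
            else:
                return
            self.verdicts.append(Verdict(pid, path, reason))


def analyze(trace, image_of):
    """Run the monitor over a whole trace and return the verdicts raised."""
    mon = SelfReplicationMonitor(image_of)
    for ev in trace:
        mon.feed(ev)
    return mon.verdicts


# Constructed sample trace: pid 100 copies its own image in two chunks to a new
# file; pid 200 (an editor) writes an ordinary text file.
WORM_IMAGE = FILES[r"C:\Users\demo\worm.exe"]
COPY_PATH = r"C:\Users\demo\AppData\copy.exe"
IMAGE_OF = {100: r"C:\Users\demo\worm.exe", 200: r"C:\Users\demo\notepad.exe"}
TRACE = [
    {"pid": 100, "op": "write", "path": COPY_PATH, "data": WORM_IMAGE[:40]},
    {"pid": 100, "op": "write", "path": COPY_PATH, "data": WORM_IMAGE[40:]},
    {"pid": 100, "op": "close", "path": COPY_PATH},
    {"pid": 200, "op": "write", "path": r"C:\Users\demo\notes.txt", "data": b"hello"},
    {"pid": 200, "op": "close", "path": r"C:\Users\demo\notes.txt"},
]

if __name__ == "__main__":
    for v in analyze(TRACE, IMAGE_OF):
        print(f"pid {v.pid}: {v.reason} -> {v.target}")
```

The design point is that no signature of any particular virus appears anywhere: the only reference material is the running process's own image, so a never-before-seen replicator that copies itself verbatim is caught by the same check as a known one. The obvious limitation, which the paper's more general behavior model has to address, is that a replicator that re-encodes its body before writing it out will not match an exact or substring comparison.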
Copyright information
© 2005 Springer-Verlag Berlin Heidelberg
Cite this paper
Summerville, D., Skormin, V., Volynkin, A., Moronski, J. (2005). Prevention of Information Attacks by Run-Time Detection of Self-replication in Computer Codes. In: Gorodetsky, V., Kotenko, I., Skormin, V. (eds) Computer Network Security. MMM-ACNS 2005. Lecture Notes in Computer Science, vol 3685. Springer, Berlin, Heidelberg. https://doi.org/10.1007/11560326_5
DOI: https://doi.org/10.1007/11560326_5
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-29113-8
Online ISBN: 978-3-540-31998-6
eBook Packages: Computer Science (R0)