Authors: Sulaiman Al Amro, Ali Alkhalifah

Abstract:

The growing number of computer viruses and the detection of zero day malware have been the concern for security researchers for a large period of time. Existing antivirus products (AVs) rely on detecting virus signatures which do not provide a full solution to the problems associated with these viruses. The use of logic formulae to model the behaviour of viruses is one of the most encouraging recent developments in virus research, which provides alternatives to classic virus detection methods. In this paper, we proposed a comparative study about different virus detection techniques. This paper provides the advantages and drawbacks of different detection techniques. Different techniques will be used in this paper to provide a discussion about what technique is more effective to detect computer viruses.

Keywords: Computer viruses, virus detection, signature-based, behaviour-based, heuristic-based.

Digital Object Identifier (DOI): doi.org/10.5281/zenodo.1108735

Procedia APA BibTeX Chicago EndNote Harvard JSON MLA RIS XML ISO 690 PDF Downloads 4542

References:

[1] Szor, P., 2005. The art of computer virus research and defense. Addison- Wesley Professional.
[2] Britt, W., Gopalaswamy, S., Hamilton, J. A., Dozier, G. V. and Chang, K. H., 2007. Computer defense using artificial intelligence, Proceedings of the 2007 spring simulation multiconference-Volume 3 2007, Society for Computer Simulation International, pp. 378-386.
[3] Harmer, P. K., Williams, P. D., Gunsch, G. H. and Lamont, G. B., 2002. An artificial immune system architecture for computer security applications. Evolutionary Computation, IEEE Transactions on, 6(3), pp. 252-280.
[4] Filiol, E., 2005. Computer viruses: from theory to applications. Springer Paris etc.
[5] Davis, M., Bodmer, S. and Lemasters, A., 2010. Hacking Exposed Malware and Rootkits. McGraw-Hill, Inc.
[6] Kaspersky, E., 2006-last update, Problems for AV vendors: Some thoughts (Homepage of Kaspersky Lab, Russia), (Online). Available: http://www.virusbtn.com/virusbulletin/archive/2006/04/vb200604- comment.dkb?mobile_on=yes (01/31, 2014).
[7] Evers, J., January 19, 2006, 2006-last update, Computer crimes cost 67 billion, FBI says (Homepage of Cnet), (Online). Available: http://news.cnet.com/2100-7349_3-6028946.html (01/31, 2014).
[8] Siddiqui, M. A., 2008. Data mining methods for malware detection. ProQuest.
[9] Cohen, F. B. and Cohen, D. F., 1994. A short course on computer viruses. John Wiley & Sons, Inc.
[10] Skoudis, E. and Zeltser, L., 2004. Malware: Fighting malicious code. Prentice Hall PTR.
[11] Cohen, F., 1987. Computer viruses: theory and experiments. Computers & Security, 6(1), pp. 22-35.
[12] Adleman, L., 1990. An abstract theory of computer viruses, Advances in Cryptology—CRYPTO’88 1990, Springer, pp. 354-374.
[13] Morales, J.A., 2008. A behavior based approach to virus detection, Florida International University.
[14] Rabah, K., 2005. Secure implementation of message digest, authentication and digital signature. Information Technology Journal, 4(3), pp. 204-221.
[15] Yoo, I. S. and Ultes-Nitsche, U., 2006. Non-signature based virus detection. Journal in Computer Virology, 2(3), pp. 163-186.
[16] Livingston, B., 23/02/2006, 2006-last update, How Long Must You Wait for an Anti-Virus Fix? - eSecurity Planet. Available: http://www.esecurityplanet.com/views/article.php/3316511/How-Long- Must-You-Wait-for-an-AntiVirus-Fix.htm (2/2/2013).
[17] Christodorescu, M., Jha, S., Maughan, D., Song, D. and Wang, C., 2006. Malware Detection. Springer.
[18] Conry-Murray, A., 2002. Behavior-blocking stops unknown malicious code. Network Magazine.
[19] Messmer, E., 01/28/02, 2002-last update, Behavior blocking repels new viruses (Homepage of Network World Fusion), (Online). Available: http://www.networkworld.com/news/2002/0128antivirus.html (02/02/2011).
[20] Morales, J. A., Clarke, P. J. and Deng, Y., 2010. Identification of file infecting viruses through detection of self-reference replication. Journal in computer virology, 6(2), pp. 161-180.
[21] Ellis, D. R., Aiken, J. G., Attwood, K. S. and Tenaglia, S. D., 2004. A behavioral approach to worm detection, Proceedings of the 2004 ACM workshop on Rapid malcode 2004, ACM, pp. 43-53.
[22] S. Al Amro, A. Cau, “Behaviour-based virus detection system using Interval Temporal Logic,” Proceedings of the 6th IEEE International Conference on Risks and Security of Internet and Systems, pp.1-6, Sept. 2011.
[23] Chiang, H. and Tsaur, W., 2010. Mobile Malware Behavioral Analysis and Preventive Strategy Using Ontology, Social Computing (SocialCom), 2010 IEEE Second International Conference on 2010, IEEE, pp. 1080-1085.
[24] Idika, N. and Mathur, A.P., 2007. A survey of malware detection techniques. Purdue University, pp. 48.
[25] Zhang, Q., 2008. Polymorphic and metamorphic malware detection. ProQuest..
[26] Skormin, V.A., 2010. Server Level Analysis of Network Operation Utilizing System Call Data. Binghamton Univ New York Dept of Electrical and Computer Engineering. Blade API Monitor. http://www.bladeapimonitor.com/, 2011.
[27] BOS, H., 2013-last update, D16 (D4. 2) Analysis Report of Behavioral Features (Homepage of Wombat), (Online). Available: http://www.wombat-project.eu/WP4/FP7-ICT-216026- Wombat_WP4_D16_V01_Analysis-Report-of-Behavioral-features.pdf (12/20/2012).
[28] Moskovitch, R., elovici, Y. and Rokach, L., 2008. Detection of unknown computer worms based on behavioral classification of the host. Computational Statistics & Data Analysis, 52(9), pp. 4544-4566.
[29] Altaher, A., Ramadass, S. and Ali, A., 2011. Computer virus detection using features ranking and machine learning. Australian Journal of Basic and Applied Sciences, 5(9), pp. 1482-1486.
[30] Alazab, M., Venkataraman, S. and Watters, P., 2010. Towards Understanding Malware Behaviour by the Extraction of API Calls, Second Cybercrime and Trustworthy Computing Workshop 2010, pp. 52-59.
[31] Skormin, V., Volynkin, A., Summerville, D. and Moronski, J., 2007. Prevention of information attacks by run-time detection of selfreplication in computer codes. Journal of Computer Security, 15(2), pp. 273-302.
[32] Veeramani, R. and Rai, N., 2012. Windows API based Malware Detection and Framework Analysis. International Journal of Scientific & Engineering Research (IJSER), 3(3).
[33] Ravi, C. and Manoharan, R., 2012. Malware Detection using Windows API Sequence and Machine Learning. International Journal of Computer Applications, 43(17), pp. 12-16.
[34] Seifert, C., Steenson, R., Welch, I., Komisarczuk, P. and Endicott- Popovsky, B., 2007. Capture–A behavioral analysis tool for applications and documents. Digital investigation, 4, pp. 23-30.
[35] Russinovich, M., 2011-last update, Inside the Native API (Homepage of Sysinternals), (Online). Available: http://www.sysinternals.com/Information/NativeApi.html (1/22/2014).
[36] Rescue, D., 2006. IDA Pro Disassembler. 2006-10-20. http://www.datarescue.com/idabase.
[37] Zwanger, V. and Freiling, F.C., 2013. Kernel mode API spectroscopy for incident response and digital forensics, Proceedings of the 2nd ACM SIGPLAN Program, Protection and Reverse Engineering Workshop 2013, ACM, pp. 3.
[38] Bayer, U., Moser, A., Kruegel, C. and Kirda, E., 2006. Dynamic analysis of malicious code. Journal in Computer Virology, 2(1), pp. 67-77.
[39] Jacob, G., Debar, H. and Filiol, E., 2008. Behavioral detection of malware: from a survey towards an established taxonomy. Journal in Computer Virology, 4(3), pp. 251-266.