Windows Malware Detection Method Based on the Path IRP


Abstract:

The IRP (I/O Request Packet) sequences of a program are not identical across different environments on the same operating system, which affects detection results. Through extensive experiments, we found that the IRP request sequences of programs on the same operation path are consistent. We therefore propose a new malware detection method based on path IRP sequences. Every IRP request sequence on the same operation path is extracted, and the Negative Selection Algorithm (NSA) and Positive Selection Algorithm (PSA) are used for detection. Experimental results show that our method outperforms the method based on IRP sequences in detection rate.
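To make the per-path idea concrete, the following is an added illustration (not the paper's code) of building per-path "self" profiles from IRP bigrams and scoring a trace with a negative-selection and a positive-selection detector. The traces, the IRP code alphabet, the bigram window, the threshold and the exhaustive detector enumeration are all assumptions, since the abstract gives none of them.

```python
from collections import defaultdict
from itertools import product
# Constructed sample traces (not from the paper): per operation path, the
# sequence of IRP major function codes a benign program issued against it.
BENIGN_TRACES = [
    (r"C:\Users\alice\notes.txt",
     ["CREATE", "READ", "READ", "CLEANUP", "CLOSE"]),
    (r"C:\Users\alice\notes.txt",
     ["CREATE", "QUERY_INFORMATION", "READ", "CLEANUP", "CLOSE"]),
    (r"C:\Windows\System32\kernel32.dll",
     ["CREATE", "QUERY_INFORMATION", "READ", "CLEANUP", "CLOSE"]),
]
# Constructed suspect trace: a program writing into a system DLL.
SUSPECT = (r"C:\Windows\System32\kernel32.dll",
           ["CREATE", "WRITE", "SET_INFORMATION", "CLEANUP", "CLOSE"])
IRP_ALPHABET = ["CREATE", "READ", "WRITE", "QUERY_INFORMATION",
                "SET_INFORMATION", "CLEANUP", "CLOSE"]  # assumed code set

def ngrams(seq, n):
    """Sliding windows of n consecutive IRP codes (bigrams by default below)."""
    return {tuple(seq[i:i + n]) for i in range(len(seq) - n + 1)}

def build_self_profiles(traces, n=2):
    """'Self' = every n-gram seen in benign traces, kept separately per path."""
    profiles = defaultdict(set)
    for path, seq in traces:
        profiles[path] |= ngrams(seq, n)
    return profiles

def nsa_detectors(self_grams, n=2):
    """Negative selection: keep each candidate that matches no self n-gram.
    Classic NSA samples candidates at random; enumerating all of them here
    keeps the example deterministic."""
    return {c for c in product(IRP_ALPHABET, repeat=n) if c not in self_grams}

def nsa_score(seq, detectors, n=2):
    """Fraction of the trace's n-grams that trigger a detector."""
    grams = ngrams(seq, n)
    return sum(g in detectors for g in grams) / len(grams)

def psa_score(seq, self_grams, n=2):
    """Positive selection: fraction of n-grams absent from the self profile."""
    grams = ngrams(seq, n)
    return sum(g not in self_grams for g in grams) / len(grams)

def classify(trace, profiles, threshold=0.25):
    """Score a trace against its own path's profile; verdict True = anomalous."""
    path, seq = trace
    nsa = nsa_score(seq, nsa_detectors(profiles[path]))
    psa = psa_score(seq, profiles[path])
    return nsa, psa, max(nsa, psa) > threshold
```

Scoring the first benign trace against the kernel32.dll profile instead of its own path already yields a non-zero anomaly score, which is the effect the paper avoids by grouping sequences per path.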

Pages: 2626-2629

Online since: November 2014

Copyright: © 2014 Trans Tech Publications Ltd. All Rights Reserved
