Detecting Unknown Computer Viruses – A New Approach –

  • Conference paper
Software Security - Theories and Systems (ISSS 2003)

Part of the book series: Lecture Notes in Computer Science (LNCS, volume 3233)

Abstract

We give an overview of the tools to detect computer viruses without relying on “pattern files” that contain “signatures” of previously captured viruses. The system combines static code analysis with code simulation to identify malicious behaviors commonly found in computer viruses, such as mass mailing, file infection, and registry overwrite. These prohibited behaviors are defined separately as security policies at the level of API library function calls in a state-transition-like manner. The current tools target Win32 binary viruses on Intel IA32 architectures, and early experiments show that they can detect most email viruses that had spread in the wild in recent years.

© 2004 Springer-Verlag Berlin Heidelberg

Cite this paper

Mori, A. (2004). Detecting Unknown Computer Viruses – A New Approach –. In: Futatsugi, K., Mizoguchi, F., Yonezaki, N. (eds) Software Security - Theories and Systems. ISSS 2003. Lecture Notes in Computer Science, vol 3233. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-37621-7_12

  • DOI: https://doi.org/10.1007/978-3-540-37621-7_12

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-23635-1

  • Online ISBN: 978-3-540-37621-7

  • eBook Packages: Springer Book Archive
