Abstract
We give an overview of tools that detect computer viruses without relying on “pattern files” containing “signatures” of previously captured viruses. The system combines static code analysis with code simulation to identify malicious behaviors commonly found in computer viruses, such as mass mailing, file infection, and registry overwrite. These prohibited behaviors are defined separately as security policies at the level of API library function calls, in a state-transition-like manner. The current tools target Win32 binary viruses on the Intel IA32 architecture, and early experiments show that they can detect most of the email viruses that have spread in the wild in recent years.
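As an added illustration of the policy style the abstract describes (this is example code, not the paper's own tools), the following Python evaluates a state-transition security policy over a constructed trace of Win32 API calls; the API names, argument predicates and sample trace are assumptions chosen for the example.

```python
from typing import Callable, List, Optional, Tuple

Call = Tuple[str, dict]          # (API name, arguments) as observed by a simulator
# A transition fires when the current state and API name match and the
# optional predicate on the call's arguments holds.
Transition = Tuple[str, str, Optional[Callable[[dict], bool]], str]

class Policy:
    """A prohibited behaviour expressed as a state machine over API calls."""
    def __init__(self, name: str, transitions: List[Transition], final: str):
        self.name, self.transitions, self.final = name, transitions, final

    def evaluate(self, trace: List[Call]) -> Optional[int]:
        """Return the trace index at which the prohibited behaviour completes,
        or None if the trace never reaches the final state."""
        state = "start"
        for i, (api, args) in enumerate(trace):
            for src, name, pred, dst in self.transitions:
                if src == state and name == api and (pred is None or pred(args)):
                    state = dst
                    break
            if state == self.final:
                return i
        return None

# Illustrative policies (constructed for this example, not the paper's own).
MASS_MAILING = Policy("mass-mailing", [
    ("start", "FindFirstFileA", None, "enumerating"),   # scanning local files
    ("enumerating", "ReadFile", None, "harvested"),      # reading them for addresses
    ("harvested", "connect", lambda a: a.get("port") == 25, "smtp"),
    ("smtp", "send", None, "mailing"),
], final="mailing")

REGISTRY_RUN = Policy("registry-overwrite", [
    ("start", "RegOpenKeyExA", lambda a: "CurrentVersion\\Run" in a.get("subkey", ""), "run_key"),
    ("run_key", "RegSetValueExA", None, "persisted"),
], final="persisted")

def scan(trace: List[Call], policies=(MASS_MAILING, REGISTRY_RUN)) -> dict:
    """Map each policy name to the index where it was violated (None if not)."""
    return {p.name: p.evaluate(trace) for p in policies}

# Constructed trace resembling a mass-mailer's observed API calls.
SAMPLE_TRACE: List[Call] = [
    ("GetModuleHandleA", {}),
    ("FindFirstFileA", {"pattern": "*.htm"}),
    ("ReadFile", {"bytes": 4096}),
    ("connect", {"host": "mx.example", "port": 25}),
    ("send", {"bytes": 812}),
]

if __name__ == "__main__":
    print(scan(SAMPLE_TRACE))  # {'mass-mailing': 4, 'registry-overwrite': None}
```

A legitimate mail client that connects on port 25 without first enumerating and reading local files never leaves the policy's start state, so only the full harvest-then-send sequence is flagged.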
© 2004 Springer-Verlag Berlin Heidelberg
Mori, A. (2004). Detecting Unknown Computer Viruses – A New Approach –. In: Futatsugi, K., Mizoguchi, F., Yonezaki, N. (eds) Software Security - Theories and Systems. ISSS 2003. Lecture Notes in Computer Science, vol 3233. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-37621-7_12
DOI: https://doi.org/10.1007/978-3-540-37621-7_12
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-23635-1
Online ISBN: 978-3-540-37621-7