{"title":"MAPMon:一个基于主机的恶意软件检测工具","authors":"Shih-Yao Dai, S. Kuo","doi":"10.1109/PRDC.2007.23","DOIUrl":null,"url":null,"abstract":"In order for financial-motivated malware programs such as spyware, virus and worm to survive after system rebooted, they have to modify entries in auto start extensibility points (ASEPs), system calls or system files on a comprised system. We call these system resources which a malware program could attack once it intrudes a host as malware attacking points (MAPs). Based on this observation, we design and implement MAPMon, a monitoring mechanism to detect any suspicious change of malware attacking points. This paper describes the design and implementation tradeoff of the MAPMon tool. The effectiveness of the MAPMon tool for malware detection is evaluated by using real-world malware programs including those that do not have signatures.","PeriodicalId":183540,"journal":{"name":"13th Pacific Rim International Symposium on Dependable Computing (PRDC 2007)","volume":"29 6 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2007-12-17","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"31","resultStr":"{\"title\":\"MAPMon: A Host-Based Malware Detection Tool\",\"authors\":\"Shih-Yao Dai, S. Kuo\",\"doi\":\"10.1109/PRDC.2007.23\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"In order for financial-motivated malware programs such as spyware, virus and worm to survive after system rebooted, they have to modify entries in auto start extensibility points (ASEPs), system calls or system files on a comprised system. We call these system resources which a malware program could attack once it intrudes a host as malware attacking points (MAPs). Based on this observation, we design and implement MAPMon, a monitoring mechanism to detect any suspicious change of malware attacking points. This paper describes the design and implementation tradeoff of the MAPMon tool. The effectiveness of the MAPMon tool for malware detection is evaluated by using real-world malware programs including those that do not have signatures.\",\"PeriodicalId\":183540,\"journal\":{\"name\":\"13th Pacific Rim International Symposium on Dependable Computing (PRDC 2007)\",\"volume\":\"29 6 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2007-12-17\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"31\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"13th Pacific Rim International Symposium on Dependable Computing (PRDC 2007)\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1109/PRDC.2007.23\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"13th Pacific Rim International Symposium on Dependable Computing (PRDC 2007)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/PRDC.2007.23","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
In order for financial-motivated malware programs such as spyware, virus and worm to survive after system rebooted, they have to modify entries in auto start extensibility points (ASEPs), system calls or system files on a comprised system. We call these system resources which a malware program could attack once it intrudes a host as malware attacking points (MAPs). Based on this observation, we design and implement MAPMon, a monitoring mechanism to detect any suspicious change of malware attacking points. This paper describes the design and implementation tradeoff of the MAPMon tool. The effectiveness of the MAPMon tool for malware detection is evaluated by using real-world malware programs including those that do not have signatures.
求助内容:
应助结果提醒方式:
京公网安备 11010802042870号
