Document Type
Dissertation
Major/Program
Computer Science
First Advisor's Name
Dr. Yi Deng
First Advisor's Committee Title
Committee Chair
Second Advisor's Name
Dr. Peter J. Clarke
Second Advisor's Committee Title
Committee Co-Chair
Third Advisor's Name
Dr. G.M. Golam Kibria
Third Advisor's Committee Title
Committee Member
Fourth Advisor's Name
Dr. Geoffrey Smith
Fourth Advisor's Committee Title
Committee Member
Fifth Advisor's Name
Dr. Xudong He
Fifth Advisor's Committee Title
Committee Member
Keywords
computer virus behavior based self reference repli
Date of Defense
3-24-2008
Abstract
Fast-spreading unknown viruses have caused major damage to computer systems upon their initial release. Current detection methods lack the capability to detect an unknown virus quickly enough to avoid mass spreading and damage. This dissertation presents a behavior-based approach to detecting known and unknown viruses based on their attempt to replicate. Replication is the qualifying fundamental characteristic of a virus and is consistently present in all viruses, making this approach applicable to viruses belonging to many classes and executing under several conditions. A form of replication called self-reference replication (SR-replication) has been formalized as one main type of replication, which specifically replicates by modifying or creating other files on a system to include the virus itself. This replication type was used to detect viruses attempting replication by referencing themselves, which is a necessary step to successfully replicate to other files. The approach does not require a priori knowledge of known viruses. Detection is accomplished at runtime by monitoring currently executing processes that attempt to replicate. Two implementation prototypes of the detection approach, called SRRAT, were created and tested on Microsoft Windows operating systems, focusing on the tracking of user-mode Win32 API system calls and kernel-mode system services. The research results showed SR-replication capable of distinguishing between file-infecting viruses and benign processes with little or no false positives and false negatives.
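As an added illustration (not code from the dissertation or the SRRAT prototypes), the following Python sketch applies the SR-replication rule described in the abstract to a constructed trace of per-process file operations named after Win32 API calls; the event fields, the call names and the sample trace are assumptions, and the rule only flags a write to another file that follows the process referencing its own executable image.

```python
# Added example, not SRRAT's code: a simplified SR-replication check over a
# constructed trace of file operations. An SR-replication attempt is modelled
# as a process that (1) references its own image file and (2) afterwards
# writes to a different file, since the write must carry the image content.
from dataclasses import dataclass, field


@dataclass
class Event:
    pid: int    # process performing the call
    image: str  # executable image the process was started from
    api: str    # assumed Win32-style call name
    path: str   # file the call operates on


@dataclass
class ProcState:
    self_ref: bool = False                        # has read its own image
    targets: set = field(default_factory=set)     # other files written after that


READ_CALLS = {"CreateFile", "ReadFile", "MapViewOfFile"}
WRITE_CALLS = {"WriteFile"}


def detect_sr_replication(events):
    """Return {pid: image} for every process whose trace shows a self-reference
    followed by a write to another file. Order matters: a write that precedes
    the self-reference cannot have carried the image, so it is not counted."""
    state, flagged = {}, {}
    for ev in events:
        st = state.setdefault(ev.pid, ProcState())
        is_self = ev.path.lower() == ev.image.lower()
        if ev.api in READ_CALLS and is_self:
            st.self_ref = True
        elif ev.api in WRITE_CALLS and not is_self and st.self_ref:
            st.targets.add(ev.path)
            flagged[ev.pid] = ev.image
    return flagged


# Constructed trace: pid 100 reads its own image and then writes another
# executable; pid 200 never references itself; pid 300 references itself
# only after its write, so neither benign process is flagged.
SAMPLE_TRACE = [
    Event(100, r"C:\Users\a\dropper.exe", "CreateFile", r"C:\Users\a\dropper.exe"),
    Event(100, r"C:\Users\a\dropper.exe", "ReadFile", r"C:\Users\a\dropper.exe"),
    Event(100, r"C:\Users\a\dropper.exe", "WriteFile", r"C:\Apps\tool.exe"),
    Event(200, r"C:\Windows\notepad.exe", "CreateFile", r"C:\Users\a\notes.txt"),
    Event(200, r"C:\Windows\notepad.exe", "WriteFile", r"C:\Users\a\notes.txt"),
    Event(300, r"C:\Tools\editor.exe", "WriteFile", r"C:\Users\a\draft.txt"),
    Event(300, r"C:\Tools\editor.exe", "ReadFile", r"C:\Tools\editor.exe"),
]
```

A real monitor would also need the contents or mapped sections of the write to carry the image, which this ordering check alone does not establish.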
Identifier
FI08081536
Recommended Citation
Morales, Jose Andre, "A Behavior Based Approach to Virus Detection" (2008). FIU Electronic Theses and Dissertations. 41.
https://digitalcommons.fiu.edu/etd/41
Rights Statement
In Copyright. URI: http://rightsstatements.org/vocab/InC/1.0/
This Item is protected by copyright and/or related rights. You are free to use this Item in any way that is permitted by the copyright and related rights legislation that applies to your use. For other uses you need to obtain permission from the rights-holder(s).