Le Charlier et al., 1995 - Google Patents
Dynamic detection and classification of computer viruses using general behaviour patternsLe Charlier et al., 1995
View PDF- Document ID
- 3358361703725824213
- Author
- Le Charlier B
- Mounji A
- Swimmer M
- Center V
- Publication year
- Publication venue
- International Virus Bulletin Conference
External Links
Snippet
The number of les that need processing by the virus labs is growing nearly exponentially. Even though only a small proportion of these les contain new viruses, each le requires examination. The normal method for dealing with these les in the virus labs is still brute force …
- 241000700605 Viruses 0 title abstract description 172
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING; COUNTING
- G06F—ELECTRICAL DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/55—Detecting local intrusion or implementing counter-measures
- G06F21/56—Computer malware detection or handling, e.g. anti-virus arrangements
- G06F21/562—Static detection
- G06F21/563—Static detection by source code analysis
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING; COUNTING
- G06F—ELECTRICAL DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/55—Detecting local intrusion or implementing counter-measures
- G06F21/56—Computer malware detection or handling, e.g. anti-virus arrangements
- G06F21/566—Dynamic detection, i.e. detection performed at run-time, e.g. emulation, suspicious activities
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING; COUNTING
- G06F—ELECTRICAL DIGITAL DATA PROCESSING
- G06F9/00—Arrangements for programme control, e.g. control unit
- G06F9/06—Arrangements for programme control, e.g. control unit using stored programme, i.e. using internal store of processing equipment to receive and retain programme
- G06F9/44—Arrangements for executing specific programmes
- G06F9/455—Emulation; Software simulation, i.e. virtualisation or emulation of application or operating system execution engines
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING; COUNTING
- G06F—ELECTRICAL DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/52—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems during program execution, e.g. stack integrity ; Preventing unwanted data erasure; Buffer overflow
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING; COUNTING
- G06F—ELECTRICAL DIGITAL DATA PROCESSING
- G06F11/00—Error detection; Error correction; Monitoring
- G06F11/30—Monitoring
- G06F11/34—Recording or statistical evaluation of computer activity, e.g. of down time, of input/output operation; Recording or statistical evaluation of user activity, e.g. usability assessment
- G06F11/3466—Performance evaluation by tracing or monitoring
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING; COUNTING
- G06F—ELECTRICAL DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/57—Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING; COUNTING
- G06F—ELECTRICAL DIGITAL DATA PROCESSING
- G06F11/00—Error detection; Error correction; Monitoring
- G06F11/36—Preventing errors by testing or debugging software
- G06F11/362—Software debugging
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING; COUNTING
- G06F—ELECTRICAL DIGITAL DATA PROCESSING
- G06F9/00—Arrangements for programme control, e.g. control unit
- G06F9/06—Arrangements for programme control, e.g. control unit using stored programme, i.e. using internal store of processing equipment to receive and retain programme
- G06F9/46—Multiprogramming arrangements
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING; COUNTING
- G06F—ELECTRICAL DIGITAL DATA PROCESSING
- G06F8/00—Arrangements for software engineering
- G06F8/40—Transformations of program code
- G06F8/41—Compilation
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING; COUNTING
- G06F—ELECTRICAL DIGITAL DATA PROCESSING
- G06F17/00—Digital computing or data processing equipment or methods, specially adapted for specific functions
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING; COUNTING
- G06F—ELECTRICAL DIGITAL DATA PROCESSING
- G06F2221/00—Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING; COUNTING
- G06F—ELECTRICAL DIGITAL DATA PROCESSING
- G06F2201/00—Indexing scheme relating to error detection, to error correction, and to monitoring
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1408—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| Le Charlier et al. | Dynamic detection and classification of computer viruses using general behaviour patterns | |
| Sekar et al. | On preventing intrusions by process behavior monitoring | |
| US8732824B2 (en) | Method and system for monitoring integrity of running computer system | |
| Carmony et al. | Extract Me If You Can: Abusing PDF Parsers in Malware Detectors. | |
| Chow et al. | Understanding data lifetime via whole system simulation | |
| Moser et al. | Exploring multiple execution paths for malware analysis | |
| US8924782B2 (en) | Systems, methods, and media for recovering an application from a fault or attack | |
| CN101373502B (en) | Automatic analysis system of virus behavior based on Win32 platform | |
| JP4950902B2 (en) | Pre-emptive computer malware protection with dynamic translation | |
| US7069583B2 (en) | Detection of polymorphic virus code using dataflow analysis | |
| JPH10501354A (en) | Computer virus trap device | |
| Sekar et al. | eaudit: A fast, scalable and deployable audit data collection system | |
| Duan et al. | TEEFuzzer: A fuzzing framework for trusted execution environments with heuristic seed mutation | |
| Yin et al. | Automatic malware analysis: an emulator based approach | |
| Michael et al. | Software decoys: Intrusion detection and countermeasures | |
| Peisert | A model of forensic analysis using goal-oriented logging | |
| US7350235B2 (en) | Detection of decryption to identify encrypted virus | |
| Waly et al. | A complete framework for kernel trace analysis | |
| Jacob et al. | Malware as interaction machines: a new framework for behavior modelling | |
| Kerchen et al. | Static analysis virus detection tools for unix systems | |
| Baiardi et al. | Transparent process monitoring in a virtual environment | |
| Inoue | Anomaly detection in dynamic execution environments | |
| Giffin | Model-based intrusion detection system design and evaluation | |
| Saïdi | Guarded models for intrusion detection | |
| Bruschi et al. | A tool for pro-active defense against the buffer overrun attack |