Virus Detection Method based on Behavior Resource Tree
Abstract
Due to the disadvantages of signature-based computer virus detection techniques, behavior-based detection methods have developed rapidly in recent years. However, current popular behavior-based detection methods only take API call sequences as program behavior features, and the difference between API calls is not taken into consideration in detection. This paper divides virus behaviors into separate function modules by introducing DLLs into detection. APIs in different modules have different importance. DLLs and APIs are both considered program calling resources. Based on the calling relationships between DLLs and APIs, program calling resources can be pictured as a tree, named the program behavior resource tree. Important block structures are selected from the tree as program behavior features. Finally, a virus detection model based on the behavior resource tree is proposed and verified by experiment, which provides a helpful reference for virus detection.

Keywords: Computer Virus, Behavior-Based Detection, Dynamic Link Library, Behavior Resource Tree
Journal title:
- JIPS
Volume 7, Issue
Pages -
Publication date: 2011