Abstract
|
Article Information:
Efficient Malware Detection and Tracer Design for Operating System
A. Edwin Robert and M. Hemalatha
Corresponding Author: M. Hemalatha
Submitted: November 27,2012
Accepted: January 11, 2013
Published: July 25, 2013 |
Abstract:
|
Modern computer systems are built on a foundation of software components from a variety of vendors. While critical applications may undergo extensive testing and evaluation procedures, the heterogeneity of software sources threatens the integrity of the execution environment for these trusted programs. For instance, if an attacker can combine an application exploit with privilege escalation vulnerability, the Operating System (OS) can become corrupted. The importance of ensuring application integrity has been studied in prior study; proposed solutions immediately terminate the application once corruption is detected. Mandatory Access Control (MAC) in a commercial operating system to tackle malware problem is a grand challenge but also a promising approach. The firmest barriers to apply MAC to defeat malware programs are the incompatible and unusable problems in existing MAC systems. The major aim of our study is to address these issues and to analyse 2,600 malware samples and component one by one and two types of MAC enforced operating systems and then design a novel Efficient Malware Detection and Tracer design (EMDT) using Hidden Markov model, which incorporates intrusion detection and tracing in a commercial operating system which leverages efficient coding and authentication schemes with our proposed approach conceptually consists of three actions: detecting, tracing and restricting suspected intruders .The novelty of the proposed study is that it leverages light-weight intrusion detection and tracing techniques to automate security label configuration that is widely acknowledged as a tough issue when applying a MAC system in practice. The other is that, rather than restricting information flow as a traditional MAC does, it traces intruders and restricts only their critical malware behaviours, where intruders represent processes and executables that are potential agents of a remote attacker. Our prototyping and experiments on Windows operating system show that Tracer can effectively defeat all malware samples tested via blocking malware behaviours while not causing a significant compatibility problem
Key words: Detection, intrusion, malware, tracing, vulnerability, ,
|
Abstract
|
PDF
|
HTML |
|
Cite this Reference:
A. Edwin Robert and M. Hemalatha, . Efficient Malware Detection and Tracer Design for Operating System. Research Journal of Applied Sciences, Engineering and Technology, (11): 2052-2060.
|
|
|
|
|
ISSN (Online): 2040-7467
ISSN (Print): 2040-7459 |
|
Information |
|
|
|
Sales & Services |
|
|
|