An Unknown Malware Detection Using Execution Registry Access

Bibliographic Details
Published in: 2018 IEEE 42nd Annual Computer Software and Applications Conference (COMPSAC) Vol. 2; pp. 487-491
Main Authors: Kono, Kento, Phomkeona, Sanouphab, Okamura, Koji
Format: Conference Proceeding
Language: English, Japanese
Published: IEEE 01-07-2018
Description
Summary: Traditional antivirus software uses virus definitions to identify malware infection. In addition, antivirus software needs to update to new virus definitions to guarantee its detection accuracy. However, because the number of malware variants and new types of malware is increasing, it is very difficult to detect and respond to them all. Moreover, there will be a serious incident if an unknown malware that does not correspond to the data definitions is installed and spreads the infection without any notification. Therefore, in this paper we proposed a method to detect malware infection that focuses on registry accesses and malware execution processes on a Windows OS host PC. Using URSNIF banking spyware in experiments, we calculated its high failure rate of registry accesses and checked specific accesses to confirm the detection result.
ISBN: 1538626675, 9781538626672
ISSN: 0730-3157
DOI: 10.1109/COMPSAC.2018.10281