Abiola Abimbola
A framework to detect novel computer viruses via system calls.
Abimbola, Abiola; Munoz, Jose; Buchanan, William J
Authors
Contributors
M Merabti
Editor
R Pereira
Editor
O Abuelma'atti
Editor
Abstract
This paper describes a framework for detecting self-propagating email viruses based on deterministic system calls derived from associated email client’s dynamic link libraries (DLLs). Our research approach is based on the principle that a key objective of an email virus attack is to eventually overwhelm a mail server and clients with large volume of email traffic. A virus achieves this by propagating to other email addresses in the infected email client inbox, alongside activating its payload. In doing this, the virus executes certain malicious processes, resulting in the creation of abnormal system calls via related DLLs. Our research effort advances Stephen Forrester earlier contribution that proved normal and abnormal system calls from a email client in a Unix platform could be differentiated, by describing a framework on how to monitor and detect abnormal system calls in real-time from an email application.
Citation
Abimbola, A., Munoz, J., & Buchanan, W. J. (2006). A framework to detect novel computer viruses via system calls. In M. Merabti, R. Pereira, & O. Abuelma'atti (Eds.), 7th Annual PG Symposium on The Convergence of Telecommunications, Networking and Broadcasting (308-313)
| Conference Name | 7th Annual PG Symposium on The Convergence of Telecommunications, Networking and Broadcasting |
|---|---|
| Publication Date | 2006 |
| Deposit Date | Dec 21, 2010 |
| Publicly Available Date | Dec 21, 2010 |
| Peer Reviewed | Peer Reviewed |
| Pages | 308-313 |
| Book Title | 7th Annual PG Symposium on The Convergence of Telecommunications, Networking and Broadcasting |
| ISBN | 1-9025-6013-9 |
| Keywords | Self-propagating email viruses; determinastic system calls; dynamic link libraries; malicious processes; abnormal system calls; real-time; |
| Public URL | http://researchrepository.napier.ac.uk/id/eprint/3976 |
Files
AFrameworkToDetect.pdf
(317 Kb)
PDF
You might also like
Enhancing intrusion detection via an active target host.
(2006)
Conference Proceeding
NetHost-Sensor: Investigating the capture of end-to-end encrypted intrusive data
(2006)
Journal Article
Investigating false positive reduction in HTTP via procedure analysis.
(2006)
Conference Proceeding
NetHost-sensor: Monitoring a target host's application via system calls
(2006)
Journal Article
Analysis and detection of cruising computer viruses.
(2004)
Conference Proceeding
Downloadable Citations
About Edinburgh Napier Research Repository
Administrator e-mail: repository@napier.ac.uk
This application uses the following open-source libraries:
SheetJS Community Edition
Apache License Version 2.0 (http://www.apache.org/licenses/)
PDF.js
Apache License Version 2.0 (http://www.apache.org/licenses/)
Font Awesome
SIL OFL 1.1 (http://scripts.sil.org/OFL)
MIT License (http://opensource.org/licenses/mit-license.html)
CC BY 3.0 ( http://creativecommons.org/licenses/by/3.0/)
Powered by Worktribe © 2024
Advanced Search