Detection of running malware before it becomes malicious

Abstract

As more vulnerabilities are discovered every year [17], malware constantly evolves, forcing improvements and updates to security and malware detection mechanisms. Malware is used directly on the attacked systems, so anti-virus solutions tend to neutralize it by not letting it launch or even be stored on the system. However, if malware is launched, it is important to stop it as soon as the maliciousness of the new process has been detected. Following the results from [8], in this paper we show that it is possible to detect running malware before it becomes malicious. We propose a novel malware detection approach that is capable of detecting Windows malware at the earliest stage of execution. An accuracy of more than 99% has been achieved by finding distinctive low-level behavior patterns generated before malware reaches its entry point. We also study the ability of our approach to detect malware after it reaches its entry point and to distinguish between benign executables and 10 malware families.

Cite

Banin, S., & Dyrkolbotn, G. O. (2020). Detection of running malware before it becomes malicious. In Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) (Vol. 12231 LNCS, pp. 57–73). Springer Science and Business Media Deutschland GmbH. https://doi.org/10.1007/978-3-030-58208-1_4
